Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Think I'm Infected With A Trojan


  • This topic is locked This topic is locked
11 replies to this topic

#1 kmajchro

kmajchro

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 03 September 2008 - 01:28 PM

Google search results are getting redirected, and an occaisional pop-up opens. Ran the following:

Ad-Aware - picks up cookies only
AVG - picks up JS/Downloader.Agent, removes but reappears on restart
Spybot - found nothing
Panda Online - found nothing
Stinger - found nothing

I had to update Ad-aware manually as the infection is blocking updates (including Windows update and java scripting on web sites sometimes). I did turn on Windows auto-update and it has downloaded the up to date security updates.

Here's the hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:42, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8C5992A-BF6E-4701-8F01-968590C24642}: NameServer = 69.144.49.30,69.146.17.2,69.144.49.29
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 3606 bytes

BC AdBot (Login to Remove)

 


#2 kmajchro

kmajchro
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 04 September 2008 - 10:12 AM

Since I first posted, I have noticed the following:

1. 2 days in a row, AVG full scan has found nothing
2. Windows Update is trying to install security updates, but fails each time
3. Windows Defender found nothing.
4. Still get the occaisional redirect on serach results in browser

Thanks.

#3 kmajchro

kmajchro
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 08 September 2008 - 10:38 AM

Update - AVG ran each night this weekend, found nothing. I switched browsers to Google Chrome, and have not been using IE. MS Update still won't install the security updates.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 21 September 2008 - 08:46 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#5 kmajchro

kmajchro
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 21 September 2008 - 10:38 PM

No problem on the delay - I firgured it would take time.

An update -

Still can't install MS Updates, the updater starts but I get "failed" on each component.
Started using Google Chrome as IE is certainly hurting.

What would be beneficial - let me know and I'll get it posted right away. Thanks.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 22 September 2008 - 11:05 AM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#7 kmajchro

kmajchro
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 September 2008 - 02:17 PM

Combofix -

ComboFix 08-09-20.05 - Administrator 2008-09-22 10:27:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.577 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\install_flash_player.exe
C:\Documents and Settings\Administrator\Application Data\inst.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\drivers\msliksurserv.sys
C:\WINDOWS\system32\msliksurcredo.dll
C:\WINDOWS\system32\msliksurdns.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.

2008-09-21 20:46 . 2008-09-21 20:46 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-20 09:47 . 2008-09-20 09:47 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-15 21:06 . 2008-09-15 21:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-09-08 11:02 . 2008-09-21 21:34 0 --a------ C:\hpfr5550.xml
2008-09-03 11:47 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-03 11:32 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-03 11:31 . 2008-09-03 11:31 <DIR> d-------- C:\Program Files\Panda Security
2008-09-03 11:24 . 2008-09-03 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 09:23 . 2008-09-03 09:23 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-02 22:44 . 2008-09-02 22:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 21:06 . 2008-09-03 11:19 2,006 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-02 20:45 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-02 20:45 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-02 19:33 . 2008-09-02 19:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-02 19:29 . 2008-09-02 19:29 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-02 19:29 . 2008-09-02 19:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-02 19:28 . 2008-09-22 08:03 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-02 19:28 . 2008-09-02 19:28 <DIR> d-------- C:\Program Files\AVG
2008-09-02 19:28 . 2008-09-02 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-02 19:28 . 2008-09-02 20:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-09-02 19:28 . 2008-09-02 19:29 8,192 --a------ C:\Documents and Settings\promgt1
2008-09-02 19:28 . 2008-09-02 19:29 8,192 --a------ C:\Documents and Settings\ADMINI~1.PDC
2008-09-02 19:26 . 2008-09-02 19:27 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-02 18:05 . 2008-09-02 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-02 17:58 . 2008-09-02 17:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-02 15:44 . 2008-09-02 15:44 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-09-02 13:26 . 2008-09-02 13:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-09-02 13:07 . 2008-09-20 09:47 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-02 12:59 . 2008-09-02 15:48 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-09-02 12:53 . 2008-09-02 15:48 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-09-02 12:53 . 2008-09-02 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-01 11:00 . 2008-09-03 11:12 <DIR> d-------- C:\Temp\backups
2008-09-01 10:56 . 2008-09-01 10:56 <DIR> d-------- C:\Program Files\InterMute
2008-09-01 10:06 . 2008-09-01 10:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-09-01 10:02 . 2008-09-01 10:02 <DIR> d-------- C:\Program Files\Webroot
2008-09-01 10:02 . 2008-09-01 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-09-01 10:02 . 2008-09-01 10:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-09-01 10:02 . 2008-08-09 17:04 1,538,928 --a------ C:\WINDOWS\WRSetup.dll
2008-08-31 22:18 . 2008-08-31 22:18 164 --a------ C:\install.dat
2008-08-27 17:19 . 2008-08-27 17:19 <DIR> d-------- C:\Program Files\TryMedia
2008-08-27 15:47 . 2006-09-28 17:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-08-27 15:39 . 2008-08-27 15:47 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-08-27 15:39 . 2008-08-27 15:39 <DIR> d-------- C:\WINDOWS\Logs
2008-08-27 15:25 . 2008-08-27 15:26 <DIR> d-------- C:\Program Files\Microsoft Money
2008-08-27 12:29 . 2008-08-27 12:29 <DIR> d-------- C:\My Video
2008-08-27 11:53 . 2008-09-15 20:56 <DIR> d-------- C:\Games
2008-08-25 16:35 . 2008-08-25 18:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Vso
2008-08-25 16:35 . 2008-08-25 16:35 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-25 16:35 . 2008-08-25 18:10 47,360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2008-08-25 12:52 . 2008-08-25 16:35 <DIR> d-------- C:\Program Files\AoA DVD Copy
2008-08-25 12:52 . 2008-08-25 12:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-08-24 12:20 . 2008-08-24 12:20 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-08-24 12:17 . 2008-08-24 12:17 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-08-24 12:14 . 2008-08-24 12:14 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-08-24 12:06 . 2008-08-24 12:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-24 11:59 . 2008-05-01 08:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-24 11:56 . 2008-04-11 13:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-24 10:16 . 2008-08-24 10:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-08-23 18:19 . 2008-08-23 18:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel Photo Album

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 15:47 --------- d-----w C:\Program Files\Java
2008-09-16 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 17:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 04:44 --------- d-----w C:\Program Files\Lavasoft
2008-09-03 04:42 --------- d-----w C:\Program Files\Cheat Engine
2008-09-03 04:37 --------- d-----w C:\Program Files\QuickTime
2008-09-03 01:19 --------- d-----w C:\Program Files\ESET
2008-09-01 17:42 --------- d-----w C:\Program Files\Dell
2008-09-01 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-01 17:38 --------- d-----w C:\Program Files\Crystal Decisions
2008-09-01 16:56 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-08-24 18:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-24 18:20 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-24 00:19 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-13 02:30 --------- d-----w C:\Program Files\Windows Live
2008-08-13 02:25 --------- d-----w C:\Program Files\Common Files\Peach
2008-08-09 21:42 29,808 ----a-w C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-08-09 21:42 23,152 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-09 21:42 166,512 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-08 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-08-07 03:14 --------- d-----w C:\Program Files\RealData
2008-08-01 19:33 --------- d-----w C:\Program Files\Playrix Games
2008-08-01 18:35 --------- d-----w C:\Program Files\ReflexiveArcade
2008-07-31 17:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 17:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 17:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-31 17:29 --------- d-----w C:\Program Files\MUSICMATCH
2008-07-31 17:26 --------- d-----w C:\Program Files\RDS
2008-07-31 17:26 --------- d-----w C:\Program Files\Citrix
2008-07-31 17:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-31 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-22 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2008-07-22 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-12 15:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 15:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 15:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2006-12-21 21:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-13 143360]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-02 1235736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-20 144792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2005-12-19 07:08 1347584 C:\WINDOWS\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 05:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 17:51 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
--a------ 2004-04-01 07:51 1589248 C:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-07-16 20:29 389120 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 19:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2006-08-30 10:59 28672 c:\dell\E-Center\EULAl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 09:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 18:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 18:20 110592 C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 01:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
--a------ 2005-08-17 12:10 24576 C:\dell\Utilities\DSR\demo\DEMO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-06-28 22:29 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 05:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-21 11:29 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 10:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 15:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"ose"=3 (0x3)
"Norton Ghost"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"MDM"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"GEARSecurity"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"aawservice"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Games\\GT Interactive\\Driver\\game.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 MSSQL$EDSINSTANCE;SQL Server (EDSINSTANCE);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;C:\WINDOWS\system32\srvany.exe [2007-08-29 13608]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MSConfigStartUp-dla - C:\WINDOWS\system32\dla\tfswctrl.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-InCD - C:\Program Files\Ahead\InCD\InCD.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
MSConfigStartUp-MSKDetectorExe - C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-Norton Ghost 10 - C:\Program Files\Norton Ghost\Agent\GhostTray.exe
MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-PCMService - C:\Program Files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O17 -: HKLM\CCS\Interface\{F8C5992A-BF6E-4701-8F01-968590C24642}: NameServer = 192.168.1.1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 12:53:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-22 13:04:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-22 19:04:30

Pre-Run: 23,156,117,504 bytes free
Post-Run: 23,076,933,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

325 --- E O F --- 2008-09-22 15:16:12

HIJACKTHIS LOG -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:22 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8C5992A-BF6E-4701-8F01-968590C24642}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4705 bytes

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 22 September 2008 - 03:46 PM

Please delete these two files, otherwise it looks clean:

C:\WINDOWS\system32\tmp.reg
C:\install.dat

Does the computer seem to be operating better now?

#9 kmajchro

kmajchro
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 23 September 2008 - 12:28 AM

I deleted the files, and will work with IE for the next few days. I will let you know if the browser redirects. Thanks.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 23 September 2008 - 10:44 AM

Ok.. please let me know so I can close the topic and give the all clean speech :thumbsup:

#11 kmajchro

kmajchro
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 29 September 2008 - 08:59 AM

I've been using IE and Google Chrome since my last post, things are looking fine. Guess that Combofix did the trick - what did that do by the way?

Thanks for the help - I certainly appreciate it!

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:33 AM

Posted 29 September 2008 - 09:11 AM

It removed certain malware from your computer. Now that you are clean, lets finish up the log:

Now that your clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here for your particular Windows Version:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users