Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'd like to clean out my system of anything bad


  • Please log in to reply
14 replies to this topic

#1 PixelPlay

PixelPlay

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 04:35 AM

I'm sure there are one or two things on my system that are causing mischief and I'm here in hopes to get them all out.

Just today when I logged onto my desktop I noticed right away that my resolution was changed to something smaller than usual, and I had to scroll with my cursor to view the left or right side of the desktop.
I've encountered a virus that has done this before awhile back but got rid of the problem. That was caused by a trojan known as virtumonde.

Edit: Also I just found out it not only did that but set my Color Quality to Medium (16 bit) that was originally at Highest (32 bit).

Maybe a week or so ago Avira AntiVir - AntiVir Guard detected 2 instances of 'TR/StartPage.HMH [trojan]' I made sure to block them of course.
The weird thing was I do scans at least once a week and the scanner didn't detect a thing.
I went to the web and searched, found a thread in the Avira Support Forum and read this person was having a hard time getting rid of it.
I went in safe-mode and did a scan with Avira and Spybot - Search & Destroy nothing came up so I suspected the problem has gone.

Also before any of the above for awhile now whenever I open up My Computer or sometimes even when I click on 'Start' there will be nothing but an animated flashlight that highlights a folder back and fourth in the center as if it's searching, it then eventually loads the content but only after a few seconds. I'm wondering if there is anything behind this or if my computer is just getting old so it takes longer to open something.

Another thing I noticed about a month ago is that when I look under the Processes tab in Task Manager that it says I'm running 2 instances of rundll32.exe there were only one before and I'm not sure if this has anything to do with a problem in my system.
I keep a close eye on my processes and always look up processes that I'm unfamiliar with. Ever since discovering the Processes tab I've had no suspicious processes running.

I've been a major spectator of this forum website reading tutorials and such I've always wanted to get help.

System:
Microsoft Windows XP - Home Edition - Version 2002 - Service Pack 3
1.99 GHz, 448MB of RAM [I heard that's low >>;; now days]
Software:
Avira AntiVir Personal - Free Antivirus
Spybot - Search & Destroy
All users on this computer use Mozilla Firefox [3.01] Portable Edition equipped with add-ons Adblock Plus, NoScript, and WOT.

If there is any other information that I need to post to help you better understand my predicament I'd be more than willing.
Any help is greatly appreciated!

Edited by PixelPlay, 22 December 2008 - 05:53 AM.


BC AdBot (Login to Remove)

 


#2 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 02:50 PM

So today I boot my computer and find that my Avira Guard was turned off but not done by myself.
Edit: And it is usually on whenever I logon.

I check my processes in Task Manager and the whole column under User Name was completely blank I exit it and open it up again the user name column is fine. Weird.

I also found a new process running that I was unfamiliar with msiexec.exe now it's missing, I was uninstalling something and finished a few minutes before I noticed this it was running at about 15,000 K if this has anything to do with it.

Avira is not detecting anything.

I just got finished with a Rootkit search scan with Avira and it comes up with no detection but 47 warnings, I am now performing a complete system scan.

Edited by PixelPlay, 22 December 2008 - 03:01 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 22 December 2008 - 04:41 PM

Hello after that scan please run a Full scan with MBam.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 05:08 PM

Hello boopme thank you for coming to my rescue! How are you today?
Alright successfully downloaded and scanned with MBAM

Oh the dreaded Vundo is on my system here's the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3

12/22/2008 2:04:20 PM
mbam-log-2008-12-22 (14-04-20).txt

Scan type: Quick Scan
Objects scanned: 64505
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\BM9bf26d0e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM9bf26d0e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


- - - - -
It is asking me to restart my system to complete the removal process so I'll be back in a sec.

EDIT: When I logged back onto my desktop to open up Firefox through Run [my usual routine] I noticed that the "Help and Support" & "Search" buttons are on my Start menu which weren't there before. Odd. :thumbsup:

Edited by PixelPlay, 22 December 2008 - 05:29 PM.


#5 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 06:52 PM

I just did another MBAM scan and apparently it's having trouble removing "Hijack.StartMenu" since that showed up the first time.
I'm going to go ahead and reboot to complete the removal process as MBAM suggests and try another scan when I get back.

Here is the logged from this scan:

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3

12/22/2008 3:47:28 PM
mbam-log-2008-12-22 (15-47-28).txt

Scan type: Quick Scan
Objects scanned: 64390
Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 07:13 PM

Alright so the reboot helped get rid of the "Hijack.StartMenu"s.

I'm up for the next step.

Sorry for so many replies just wanted to keep it updated, hope that's not a problem.



Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3

12/22/2008 4:03:59 PM
mbam-log-2008-12-22 (16-03-59).txt

Scan type: Quick Scan
Objects scanned: 64392
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 22 December 2008 - 08:28 PM

Great,no problem. It's what we needed to do. Update,scan,remove and reboot.

Now lets run these 2
ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

SAS:may need an hour/...
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Now them MBam routine..tell us how the machine is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 09:12 PM

Alright downloaded and installed ATF Cleaner and it was able to free up about 258MB wow o.o

Even though I stated that I use Mozilla Firefox it is Portable Edition from http://www.portableapps.com/ so ATF didn't recognize that I use Firefox.

Firefox Portable is used on a USB drive and we use it from 2 different USB drives my mom and I have separate USB drives and Firefox Portable on each.

I was able to download and install SAS Free and set it to the setting specified so now I'm going to go ahead and boot in Safe Mode and be right back with the log.

Also regarding the MBAM spiel I did another scan the 2 instances of "Hijack.StartMenu" were back I don't understand why.

Besides that since every reboot that I have done going back to the problems I posted in the intro. post my resolution or color quality haven't changed at random so that's good!

#9 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 10:53 PM

So here's my SAS log while in Safe Mode I had it scan C and D drives as well as the 2 USB drives [J and K] I mentioned in my last post.

Vundo was found yet again! They were put in the quarantine.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/22/2008 at 07:39 PM

Application Version : 4.23.1006

Core Rules Database Version : 3682
Trace Rules Database Version: 1660

Scan type : Complete Scan
Total Scan Time : 01:20:53

Memory items scanned : 159
Memory threats detected : 0
Registry items scanned : 4832
Registry threats detected : 0
File items scanned : 48420
File threats detected : 3

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ORQSS.INI
C:\WINDOWS\SYSTEM32\TTTSS.INI
C:\WINDOWS\SYSTEM32\TTTSS.INI2

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 22 December 2008 - 11:25 PM

This is looking good,, How are the PC issues now?

You should clean the flash drive's anyway with Flash_Disinfector.exe by sUBs. Follow quietman7"s instuctions in post 2 here.
http://www.bleepingcomputer.com/forums/ind...ash+disinfector
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 22 December 2008 - 11:49 PM

Everything seems fine I'm still a little paranoid if something were to come back.

Would you recommend keeping the programs you asked me to install?

I'll be sure to follow quietman7's instructions.

Is there anything else I should post here?

One more question, is it possible to acquire a virus, trojan, etc. through watching videos on youtube, metacafe etc. type websites?


Also I'd like to let you know this experience was very helpful and surprisingly smooth! Thank you SO much!

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 23 December 2008 - 12:07 AM

Hi you're welcome and thank you. Youtube is fairly safe. I'm not as confident in the other. I would keep these and update them prior to scans. Scan weekly. you should also check your drive for defragmenting every month or so.
Please also read quietman7's topics here to prevent these things..
Tips to protect yourself against malware and reduce the potential for re-infection, be sure to read:
POST #8 http://www.bleepingcomputer.com/forums/t/162087/winprotector-38/


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 23 December 2008 - 12:35 AM

Maybe you could help me with this or should I start a new topic?

Regarding quietman7's instructions:

I ran Flash_Disinfector.exe. After the program did what ever, it had a dialog box saying "done!" with the option OK.
So I figured it was finished but Flash_Disinfector.exe did not create a hidden folder named autorun.inf on my 3 USB drives that I plugged in noted by quietman7.

My Folder Options are set to show hidden objects, perhaps it didn't work?
I rebooted my computer anyway as stated in his instructions.

Downloaded and installed ClamWin Portable Antivirus on my main USB drive [J] was able to update it as well.
I ran into trouble when I tried scanning with it though, Avira Guard instantly appeared.
I tried 3 times to scan with ClamWin but every time Avira Guard would pop up.

Virus or unwanted program 'HTML/Crypted.Gen [virus]'
detected in file 'C:\Documents and Settings\Name\Local Settings\Temp\clamav-e17152cbb9cdb985d10558df918f6a41.00000df4.clamtmp\daily.ndb.
Action performed: Deny access
---
Virus or unwanted program 'HTML/Crypted.Gen [virus]'
detected in file 'C:\Documents and Settings\Name\Local Settings\Temp\clamav-a0bd91b4de92870603bb44adfdf20175.00000df4.clamtmp\main.ndb.
Action performed: Deny access
---
Virus or unwanted program 'HTML/Crypted.Gen [virus]'
detected in file 'C:\Documents and Settings\Name\Local Settings\Temp\clamav-738fe4c09f8a31a582523d7dd4108e16.00000f28.clamtmp\daily.ndb.
Action performed: Deny access

I denied access just in case, are these legit are they being caused my ClamWin?
Edit: Is it alright to select 'Ignore' when Avira Guard pops up? Will this effect any future problems similar to this one like will it bypass Avira Guard?

Also am I suppose to install ClamWin on each USB drive individually?

I've yet start up on the System Restore instruction yet I guess I'll get to that now.

Edited by PixelPlay, 23 December 2008 - 12:46 AM.


#14 PixelPlay

PixelPlay
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 PM

Posted 23 December 2008 - 01:20 AM

I'm also still getting Hijack.StartMenu when I preform a Quick Scan with MBAM. Could you help me better understand what these are and why they keep occurring?

Vendor ---------- | Category ----- | Items -------------------------------------------------------------------------------------------------------------------- | Other
Hijack.StartMenu | Registry Data | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch | Bad: (0) Good: (1)
Hijack.StartMenu | Registry Data | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp | Bad: (0) Good: (1)

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 23 December 2008 - 10:50 AM

If you still get thise hijacks, Hold off on the restore point as you're not cleaned. Some thing is protecting this and needs to be found.
You should Start another topic on Flash disinfector as it is really separate and will be of benefit to others that way.

I think you should post a HiJack This log and have them straighten out all the other issues. Please folow the guide..You can go to steps 6 & 7.
Preparation Guide For Use Before Posting A Hijackthis Log

Edited by boopme, 23 December 2008 - 10:51 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users