Hjt Log


  • This topic is locked
3 replies to this topic

#1 KyleCamelot

  • Members
  • 1 posts

Posted 07 November 2005 - 05:57 PM

Hey. Unfortunately got into some problems with explorer freezing, and programs hanging. It all started when I looked for a No CD Crack for Civilization IV. I have the program legally, but I kept having to switch its CD with Battlefront's, so I was looking for a way to not have to. Originally, one of the items on the log was something basically mocking my downloading of "pirated" materials. I deleted that, but no help. I followed the help file to get rid of media access, but for some reason it didn't work. I also used hjt to delete the pokapoka79, but it also showed up again after restart. Thanks in advance for the help.



Logfile of HijackThis v1.99.1
Scan saved at 5:49:22 PM, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\winlogin.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\runservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.p2p-load.de/share/?l=e
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.p2p-load.de/share/?l=e
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.p2p-load.de/share/?l=e
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gamefaqs.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\security\Database\docfont.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\system32\KLSASS.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
O4 - HKLM\..\Run: [Winlogin] C:\WINDOWS\system32\winlogin.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt tzt
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Timer.hta
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://64.106.242.160/FileOpen.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...aploader_v6.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab
O20 - Winlogon Notify: docfont - C:\WINDOWS\security\Database\docfont.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: infosvr - C:\WINDOWS\Registration\infosvr.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 RavenMind

  • Members
  • 21 posts

Posted 08 November 2005 - 03:27 PM

Hi and welcome to Bleeping Computer!

I am currently reviewing your log. Please note that this is under the supervision of a fully certified Analyst, and I will be back to address your problem A.S.A.P.

Please track this thread by going to the top & clicking on Options > Track this topic, so that you are notified when a reply has been made.

Please be patient with me during this time.

Thanks,

RavenMind

#3 RavenMind

  • Members
  • 21 posts

Posted 10 November 2005 - 03:47 AM

Hello, KyleCamelot. Thank you for being patient while I reviewed your log, and my apologies for taking so long.

Important: Copy this page into Notepad & save it. You may also want to print out a copy of these instructions in case you are unable to access Notepad during the fix. Also you may be instructed to download certain tools, so please leave your computer in Normal mode until otherwise directed.

Norton's script blocking service can sometimes interfere with our fixes. Please disable it until your log is declared clean.

I see you have P2P software installed on your machine (i.e. eMule). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to infections. It is certainly responsible for some of your current condition, and the trojan that was downloaded has dropped some malicious files into the eMule folder. Therefore I recommend you uninstall eMule to help get rid of these files, and take the time to consider whether it's worth reinstalling once you're clean.
  • Enable the viewing of hidden files/folders:

    Go to My Computer > Tools > Folder Options > “View” tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible too.



  • Hosts File:

    It looks like your hosts file was changed by a trojan you picked up.

    Please download hosts.zip.
    Extract the file & place it in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC directory. It should ask if you want to replace the existing file; choose "YES".



  • Download VundoFix:

    Download VundoFix.exe to your desktop, and double-click it to extract the files. This will create a VundoFix folder on your desktop. Close the window for now & we’ll run it later.



  • Elitum:

    Download LQfix.zip. Extract the file to Desktop, but do not run it yet, as this MUST be done in Safe Mode.

    Reboot into Safe Mode: Restart the computer. While it’s booting up, tap the F8 key until a numbered menu appears. Choose “Safe Mode”, press Enter, and Windows will continue to load.

    Now run Lqfix.bat



  • End Running Processes:

    Make sure to close any open browsers. Go into HijackThis and click Config > Misc. Tools > Open Process Manager
    Select the following, and click Kill Process for each one that is still listed:

    C:\WINDOWS\system32\winlogin.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\Program Files\Media Access\MediaAccK.exe



  • Program Removals:

    Uninstall the following via “Add/Remove”, if they still exist. (Start > Settings > Control Panel > Add/Remove Programs)

    Media Access
    TV Media <<< If it exists
    Wild Tangent

    EmpirePoker: There have been reports of Empire Poker delivering Ads & possibly being responsible for pop-ups. I have never used this program myself, so can not say. If you installed the program yourself & are comfortable with what it does then feel free to keep it. If you choose to remove it I will list the entries to be removed in GREEN.



  • Run VundoFix:
    • While in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
    • You will first be presented with a warning.
      It should look like this

      VundoFix V2.15 by Atri
      By using VundoFix you agree that you are doing so at your own risk
      Press enter to continue....

    • At this point press enter one time.
    • Next you will see:

      Please Type in the filepath as instructed by the forum staff
      and then press enter:

    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\security\Database\docfont.dll
    • Press Enter to continue with the fix.
    • Next you will see:

      Please type in the second filepath as instructed by the forum
      staff then press enter:

    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\security\Database\tnofcod.*
      This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
    • Press Enter to continue with the fix.
    • The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
    • In HijackThis, please place a check next to the following items and click FIX CHECKED:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.p2p-load.de/share/?l=e
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.p2p-load.de/share/?l=e
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.p2p-load.de/share/?l=e
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
      O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      O1 - Hosts: <HTML><HEAD>
      O1 - Hosts: <TITLE>404 Not Found</TITLE>
      O1 - Hosts: </HEAD><BODY>
      O1 - Hosts: <H1>Not Found</H1>
      O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
      O1 - Hosts: </BODY></HTML>
      O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\security\Database\docfont.dll
      O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\system32\KLSASS.exe
      O4 - HKLM\..\Run: [Winlogin] C:\WINDOWS\system32\winlogin.exe
      O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt tzt
      O4 - Startup: PowerReg Scheduler V3.exe
      O4 - Global Startup: Windows Timer.hta
      O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
      O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe

      O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
      O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab
      O20 - Winlogon Notify: docfont - C:\WINDOWS\security\Database\docfont.dll
      O20 - Winlogon Notify: infosvr - C:\WINDOWS\Registration\infosvr.dll
      O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
    • After you have fixed these items, close HijackThis.
    • Press enter to exit the program then manually reboot your computer. (Back to Safe Mode)
    There will be a file generated in the vundofix folder called vundofix.txt. Please paste the contents of this file in your next reply.



  • File Deletions:

    Delete the following FILES indicated in RED and FOLDERS indicated in BLUE, if they still exist.
    • NOTE: If the full path to the file is not listed, then you should do a Search. (”Start” > “Search” > “For files or folders…” > “All files & folders”)
    C:\Program Files\Media Access
    C:\WINDOWS\security\Database\docfont.dll
    C:\Program Files\WildTangent
    C:\WINDOWS\system32\KLSASS.exe
    C:\WINDOWS\system32\expIorer.exe
    C:\Program Files\apsi
    Windows Timer.hta <<< You will have to do a Search for this
    C:\WINDOWS\Registration\infosvr.dll
    C:\WINDOWS\system32\req.dat
    C:\WINDOWS\security\Database\tnofcod.bak1
    C:\WINDOWS\security\Database\tnofcod.bak2
    C:\WINDOWS\security\Database\tnofcod.ini
    C:\WINDOWS\security\Database\tnofcod.ini2
    C:\WINDOWS\security\Database\tnofcod.tmp
    C:\WINDOWS\security\Database\tnofcod.tmp1
    C:\WINDOWS\security\Database\tnofcod.tmp2
    C:\Program Files\EmpirePoker



  • Reboot into Normal Mode.



  • CCleaner:

    Download CCleaner:
    • Click Download Latest Version in the upper righthand corner to begin the download.
    • Install CCleaner to its own folder.
    • Open CCleaner.
    • Click Cleaner > Run Cleaner > OK
    • Once it is done scanning, close the program.
  • Online Scan:

    Using Internet Explorer perform an online scan with Panda ActiveScan
    ** click on "Free use ActiveScan" located on the top right hand corner
    • Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
    • Click Scan Now
    • Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
    Begin the scan by selecting My Computer
    • If it finds any malware, it will offer you a report.
    • Click on see report. Then click Save report
    Please post that log in your next reply.
Please post the following items in your next reply:
  • Fresh HJT log, run in Normal Mode
  • Contents of the Vundofix.txt file
  • Results of the Panda Scan
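
Added example, not part of any post in this thread: a Python sketch that runs three checks over HijackThis lines copied from the log above. It flags O1 hosts lines that cannot be hosts entries, Run executables named one character away from a Windows binary, and a DLL registered as both BHO and Winlogon Notify, together with the reversed-name pattern from the VundoFix step. The function names and the SYSTEM_NAMES list are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\security\Database\docfont.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
O4 - HKLM\..\Run: [Winlogin] C:\WINDOWS\system32\winlogin.exe
O20 - Winlogon Notify: docfont - C:\WINDOWS\security\Database\docfont.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Assumption: short illustrative list of Windows binaries that get imitated.
SYSTEM_NAMES = ("explorer.exe", "winlogon.exe", "lsass.exe", "svchost.exe")
# A valid hosts line is blank, a comment, or "IPv4-address hostname ...".
HOSTS_OK = re.compile(r"^\s*(#.*|\d{1,3}(\.\d{1,3}){3}\s+\S+.*)?$")
EXE_NAME = re.compile(r'([^\\/"\]\s][^\\/"\]]*\.exe)', re.I)

def parse_entries(log):
    """Split a HijackThis log into (section, body) pairs, e.g. ('O4', 'HKLM...')."""
    found = (re.match(r"^([RO]\d+) - (.*)$", ln.strip()) for ln in log.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def bad_hosts_lines(entries):
    """O1 lines that cannot be hosts entries (here: an HTML 404 page)."""
    texts = [b[len("Hosts:"):] for s, b in entries if s == "O1" and b.startswith("Hosts:")]
    return [t.strip() for t in texts if not HOSTS_OK.match(t)]

def lookalike_autoruns(entries):
    """O4 executables whose name is one character off a system binary's name."""
    hits = []
    for section, body in entries:
        m = EXE_NAME.search(body) if section == "O4" else None
        for real in SYSTEM_NAMES if m else ():
            name = m.group(1).lower()
            if len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1:
                hits.append((m.group(1), real))
    return hits

def _dll_paths(entries, section):
    # The file path is the last " - " separated field of an O2 or O20 entry.
    return {b.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
            for s, b in entries if s == section}

def bho_and_notify_dlls(entries):
    """DLLs loaded both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    bho = {p.lower() for p in _dll_paths(entries, "O2")}
    return sorted(p for p in _dll_paths(entries, "O20") if p.lower() in bho)

def reversed_companion_glob(dll_path):
    """docfont.dll -> tnofcod.* in the same folder, as in the VundoFix step."""
    folder, name = ntpath.split(dll_path)
    return ntpath.join(folder, ntpath.splitext(name)[0][::-1] + ".*")

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(bad_hosts_lines(entries))
    print(lookalike_autoruns(entries))
    for dll in bho_and_notify_dlls(entries):
        print(dll, "->", reversed_companion_glob(dll))
```
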


#4 sUBs

  • Malware Response Team
  • 2,489 posts

Posted 17 November 2005 - 09:15 AM

* * * * * * * * *

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

* * * * * * * * *



