No Home Page + Can't Access Windows Updates


  • This topic is locked
9 replies to this topic

#1 wardy


Posted 11 July 2006 - 12:24 AM

hi all
need a bit of help. at present i don't have a home page, i just get microsoft.com/isapi/redir.dll. even if i set google as my home page i still get this in the address bar.
also i can't access windows updates, i get the same message in the address bar.
i'm also getting pop-ups all the time saying to download winantivirus scan
here's my hijack this log.
thanks in advance for any help/advice
wardy

Logfile of HijackThis v1.99.1
Scan saved at 06:10:58, on 11/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner\My Documents\applications\HijackThis.exe
C:\WINDOWS\update\updmangr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [Microsoft ® Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RegEasy.exe] C:\Program Files\RegistryEasy\RegEasy.exe
O4 - HKCU\..\Run: [Generic Host Process8 System Backup] scvhost8.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152355415413
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFD80A58-5A39-4CDB-A383-2653B4535B3E}: NameServer = 80.225.255.50 80.225.255.58
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - C:\WINDOWS\
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 


#2 agrarianmonk


Posted 11 July 2006 - 01:48 AM

Hi,

Welcome to BleepingComputer. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a BleepingComputer Staff Expert reviews my fix, I will post it for you.
In the meantime, if any problems occur, please let me know.
Please only use this topic to reply to. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this issue on this machine.
If you're unsure of anything at all please stop and ask!
agrarianmonk


Requests for help via PM will be ignored. Please post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#3 agrarianmonk


Posted 11 July 2006 - 09:20 AM

One or more of the identified infections is a backdoor trojan.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
agrarianmonk


#4 wardy


Posted 11 July 2006 - 02:00 PM

hi agrarianmonk
the history behind this is: bought new motherboard and processor. on my old set-up i burnt all the stuff i'd normally use in protecting my computer + various programmes etc, onto a dvd. when i went to load the stuff up, my dvd (pioneer DVR106d) will only recognise cd's. so i went onto the internet to get what drivers i could for my dvd and within 10 mins i had pop-ups and redirections to other pages. i normally use the internet to do banking also ebay transactions. if possible could you have a go at fixing the problem
gratefully appreciated
wardy

#5 agrarianmonk


Posted 11 July 2006 - 03:40 PM

Please install an antivirus first, because it doesn't make any sense to remove malware from your system if no scanner is preventing them from reinfecting your computer.

AVG Anti-Virus, Avira OR Avast Home Edition are good FREE antivirus scanners.
After installing ONE antivirus program, download the latest signatures, and do a full system scan.

VERY IMPORTANT: Never install more than ONE antivirus scanner and firewall on your system! Several together can give problems and decrease their reliability and effectiveness!

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

agrarianmonk


#6 wardy


Posted 12 July 2006 - 05:04 AM

hi again agrarianmonk
done as you said and ran vundofix. it showed no files were found so nothing could be fixed and the winantivirus pop-ups are getting worse.
installed avast anti virus (normally have AVG but it's on the dvd and at present my e-mail isn't set-up to allow me to register)
any advice yet again appreciated
wardy

#7 agrarianmonk


Posted 12 July 2006 - 03:51 PM

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update successful message.
    Note: If the Update now option is grayed out, follow the steps below.
  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.


Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop UpdateManagerTool
sc delete UpdateManagerTool
exit

Double click FixServices.bat. A window will open and close. This is normal.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [Microsoft Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKCU\..\Run: [Generic Host Process8 System Backup] scvhost8.exe
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - C:\WINDOWS\
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

***************************************

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***************************************

Next, we need to Reveal Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Show hidden files and folders in the Hidden files and folders section.
7. Uncheck Hide protected operating system files (recommended) option.
8. Uncheck the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

***************************************

Using Windows Explorer/My Computer, please delete the following files/folders if still present:

C:\Program Files\ULI5289\ << folder
C:\WINDOWS\System32\spnsvc.dll << file
C:\Windows\System32\scvhost8.exe << file
C:\WINDOWS\update\ << folder

please note any files/folders you couldn't find.


Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
***************************************

Reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
In your next post, please include:
  • new hijackthis log
  • ewido log
  • panda log
You may need several replies to post the requested logs, otherwise they might get cut off.
agrarianmonk


#8 wardy


Posted 14 July 2006 - 12:16 AM

hi
done all you said. on the files to delete couldn't find the
C:\WINDOWS\System32\spnsvc.dll << file
C:\Windows\System32\scvhost8.exe << file
C:\WINDOWS\update\ << folder
here are the logs

ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 05:28:03 14/07/2006
+ Scan result:
C:\WINDOWS\system32\sygwin1.exe -> Backdoor.Rbot.bcj : Cleaned with backup (quarantined).
::Report end

panda scan
Incident Status Location
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs
Adware:adware/yoursearchengine Not disinfected c:\windows\winlogon.exe
Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\anti virus\VirtumundoBeGone.exe[]
Adware:Adware/CommAd Not disinfected C:\WINDOWS\d2FyZHk\xZIVtJ4.vbs
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i

hijack this
Logfile of HijackThis v1.99.1
Scan saved at 06:14:47, on 14/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dumprep.exe
C:\WINDOWS\System32\dumprep.exe
C:\WINDOWS\System32\dumprep.exe
C:\WINDOWS\System32\dumprep.exe
E:\downloads\applications\anti virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RegEasy.exe] C:\Program Files\RegistryEasy\RegEasy.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152355415413
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFD80A58-5A39-4CDB-A383-2653B4535B3E}: NameServer = 80.225.255.50 80.225.255.58
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Protection (Windows Protection Service) - Unknown owner - C:\WINDOWS\winlogon.exe

hopefully this'll do it
many thanks again
your time and effort are greatly appreciated
thanks
wardy

#9 agrarianmonk


Posted 14 July 2006 - 08:11 AM

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop "Windows Protection Service"
sc delete "Windows Protection Service"
exit

Double click FixServices.bat. A window will open and close. This is normal.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft Windows Protection (Windows Protection Service) - Unknown owner - C:\WINDOWS\winlogon.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Using Windows Explorer/My Computer, please delete the following files/folders if still present:

C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll << file
c:\windows\uninstall_nmon.vbs << file
c:\windows\winlogon.exe << file (do not confuse it with the legitimate winlogon.exe that exists in the C:\Windows\System32 folder!)
c:\program files\common files\Download << folder
C:\WINDOWS\d2FyZHk\ << folder
C:\Program Files\ULI5289\ << folder

please note any files/folders you couldn't find.

Then, reboot and post a new hijackthis log.

*also let me know how your computer is running at the moment and if any problems persist.
agrarianmonk
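
Added example, not part of the thread and not HijackThis's own logic: a small triage pass over HijackThis lines that applies the patterns visible in the entries selected for fixing above (an "Unknown owner" service, a Winlogon Notify entry with no DLL, a system binary name outside its normal folder, a near-miss of a system binary name). The `SYSTEM_BINARIES` baseline and all function names are assumptions of this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumed baseline for this example: core XP processes and their one valid folder.
SYS32 = r"c:\windows\system32"
SYSTEM_BINARIES = dict.fromkeys(["smss.exe", "winlogon.exe", "services.exe",
                                 "lsass.exe", "svchost.exe", "spoolsv.exe"], SYS32)
SYSTEM_BINARIES["explorer.exe"] = r"c:\windows"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe|[^\s\\"]+\.exe', re.I)

# Lines excerpted from the two HijackThis logs posted in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Generic Host Process8 System Backup] scvhost8.exe
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Microsoft Windows Protection (Windows Protection Service) - Unknown owner - C:\WINDOWS\winlogon.exe
""".strip().splitlines()


def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def image_path(line):
    """Return the executable named by a process, O4 or O23 line, else None."""
    m = ENTRY.match(line)
    code = m.group(1) if m else None       # None: "Running processes" section
    if code == "O4" and "] " in line:
        line = line.split("] ", 1)[1]      # drop the [value name]
    elif code == "O23":
        line = line.rsplit(" - ", 1)[1]    # last field is the service binary
    elif code is not None:
        return None
    hit = EXE.search(line)
    return hit.group(0) if hit else None


def triage(line):
    """Return a list of reasons this log line deserves a closer look."""
    line, reasons = line.strip(), []
    if line.startswith("O23") and " - Unknown owner - " in line:
        reasons.append("service binary has no vendor information")
    if line.startswith("O20") and not line.lower().endswith(".dll"):
        reasons.append("Winlogon Notify entry names no DLL")
    path = image_path(line)
    if path:
        name, folder = basename(path).lower(), dirname(path).lower()
        if name in SYSTEM_BINARIES:
            if folder and folder != SYSTEM_BINARIES[name]:
                reasons.append(f"{name} outside {SYSTEM_BINARIES[name]}")
        else:  # trailing digits are ignored: scvhost8 is compared as scvhost
            stem = name[:-4].rstrip("0123456789")
            reasons += [f"{name} imitates {known}" for known in SYSTEM_BINARIES
                        if osa_distance(stem, known[:-4]) <= 1]
    return reasons


def triage_log(lines):
    """Map each flagged line to its reasons; clean lines are omitted."""
    return {ln: why for ln in lines if (why := triage(ln))}
```

A line that returns no reasons is not cleared: the rundll32.exe entry that loads spnsvc.dll passes all of these checks, so the output is a starting point for manual review.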


#10 agrarianmonk


Posted 27 July 2006 - 12:39 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
agrarianmonk




