Weird Problem



#1 Christoph182


Posted 26 December 2006 - 01:01 AM

Mod Edit --> Moved to more appropriate forum.

Hey guys. Every time I click on the internet this website shows up instead of my homepage: http://iesecuritytool.com/ How can I stop this? I'm pretty sure the problem is spyware or something but I don't know what to do. I have ZoneAlarm and Spybot, but they both did nothing.

I ran HijackThis and here is the logfile. What is wrong with my computer? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:59:51 AM, on 12/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ZoneLabs\UpdClient.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: beeper - {951a98d0-dad6-4a77-8280-a494279a884b} - C:\WINDOWS\System32\vwfps.dll
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by D-Trojanator, 26 December 2006 - 07:09 AM.


#2 -David-


Posted 26 December 2006 - 07:09 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

You are missing one important program on that computer - an antivirus!
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs.
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Please download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Once in Safe Mode, open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non-infected computer will remove your Desktop background.
Also post a new HijackThis log.

David

#3 Christoph182


Posted 26 December 2006 - 09:25 PM

SmitFraudFix v2.131

Scan done at 21:20:46.17, Tue 12/26/2006
Run from C:\Documents and Settings\Christopher\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{951a98d0-dad6-4a77-8280-a494279a884b}"="beeper"

[HKEY_CLASSES_ROOT\CLSID\{951a98d0-dad6-4a77-8280-a494279a884b}\InProcServer32]
@="C:\WINDOWS\System32\vwfps.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{951a98d0-dad6-4a77-8280-a494279a884b}\InProcServer32]
@="C:\WINDOWS\System32\vwfps.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\vwfps.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\vwfps.dll -> Deleted


Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\web.exe Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\Program Files\AntiVermins\ Deleted
C:\Program Files\Video ActiveX Object\ Deleted

Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End






Logfile of HijackThis v1.99.1
Scan saved at 9:24:45 PM, on 12/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\System32\sdpasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
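
Added example, not part of the original thread or any poster's code: a small Python triage script that diffs the two HijackThis logs above to show which entries the SmitfraudFix run removed and which remaining entries still warrant review. The two review heuristics (a registered target marked "(file missing)" and an O16 DPF codebase that is not a plain http/https URL) are assumptions chosen for this illustration, and a flag is a prompt to look closer, not a verdict.

```python
import re

# Constructed sample: a subset of the entry lines copied from the two
# HijackThis logs in this thread (before and after the SmitfraudFix run).
BEFORE = r"""
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: beeper - {951a98d0-dad6-4a77-8280-a494279a884b} - C:\WINDOWS\System32\vwfps.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nesunex.mht!http://adsextend.net/zscript/pre.chm::/pre.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Entry lines look like "O16 - DPF: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O16 body: "DPF: {CLSID} [(optional name)] - <codebase>"
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (\S+)")


def parse_entries(log_text):
    """Return (section_code, body) tuples for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_reasons(code, body):
    """Illustrative heuristics (assumptions of this example) for a second look."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("registered target file is missing")
    if code == "O16":
        m = DPF_RE.match(body)
        if m and not m.group(1).lower().startswith(("http://", "https://")):
            reasons.append("DPF codebase is not a plain http(s) URL")
    return reasons


def compare(before_text, after_text):
    """Return (entries removed by the cleanup, entries still flagged afterwards)."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [e for e in before if e not in after]
    still_flagged = [(e, r) for e in after if (r := review_reasons(*e))]
    return removed, still_flagged


if __name__ == "__main__":
    removed, still_flagged = compare(BEFORE, AFTER)
    for code, body in removed:
        print("REMOVED", code, body)
    for (code, body), reasons in still_flagged:
        print("REVIEW ", code, body, "->", "; ".join(reasons))
```

On the sample, the unnamed BHO pointing at isaddon.dll and the O21 "beeper" entry show up as removed, while both O16 DPF entries and the two "(file missing)" registrations are still present in the second log.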

#4 -David-


Posted 27 December 2006 - 06:54 AM

Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

You are missing one important program on that computer - an antivirus!
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs.
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply.

David

#5 Christoph182


Posted 27 December 2006 - 02:03 PM

KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 27, 2006 2:02:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/12/2006
Kaspersky Anti-Virus database records: 240258


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 48975
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 1
Duration of the scan process 00:41:10

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\Christopher\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\History\History.IE5\MSHist012006122720061228\index.dat Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\Temp\~DF8A0C.tmp Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\YL1UVQ5W\index[1].exe Object is locked skipped

C:\Documents and Settings\Christopher\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Christopher\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\hijackthis\backups\backup-20050826-030354-962.dll Object is locked skipped

C:\Program Files\hijackthis\backups\backup-20060818-125357-257 Infected: Exploit.HTML.Mht skipped

C:\Program Files\hijackthis\hijackthis.log Suspicious: Exploit.HTML.Mht skipped

C:\RECYCLER\S-1-5-21-1275210071-1935655697-725345543-1003\Dc81.exe Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076192.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076212.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076230.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076250.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076270.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076279.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076288.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076296.exe Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076297.exe Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076298.exe Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076303.dll Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP407\A0076312.exe Object is locked skipped

C:\System Volume Information\_restore{35C3B05E-DFB2-49F0-8B89-A728DAF6F66C}\RP408\change.log Object is locked skipped

C:\WINDOWS\4jgfqj5v.exe Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\3138302D2D2D.exe Object is locked skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\file.exe Object is locked skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\file.exe Object is locked skipped

C:\WINDOWS\Downloaded Program Files\file.exe Object is locked skipped

C:\WINDOWS\Downloaded Program Files\jabber.ocx Object is locked skipped

C:\WINDOWS\Downloaded Program Files\win32.exe Object is locked skipped

C:\WINDOWS\Internet Logs\CHRIS.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\recife.exe Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\jgrf.dll Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\Temp\ZLT0492e.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT075c3.TMP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#6 -David-


Posted 27 December 2006 - 06:33 PM

Hey there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now search and delete:

C:\WINDOWS\recife.exe
C:\WINDOWS\system32\jgrf.dll
C:\WINDOWS\4jgfqj5v.exe
C:\WINDOWS\Downloaded Program Files\3138302D2D2D.exe
C:\WINDOWS\Downloaded Program Files\file.exe
C:\WINDOWS\Downloaded Program Files\win32.exe

Go to start > run and type regsvr32 occache.dll

We need to purge your infected system restore points.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Now, we want to create a new, clean restore point.
Please first reboot your computer.
Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create and you're done.

Reboot a final time. How is the PC running now?



