Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HJT log having problems with pop-ups and MSN-Messenger

Started by EENTH , Nov 03 2006 07:41 AM

  • Please log in to reply

#1
EENTH
Posted 03 November 2006 - 07:41 AM

EENTH

    New Member

  • Member
  • Pip
  • 9 posts
Hello,

Im having problems with some pop-ups that are coming when I start my internet and when I start my internet the start-up page has been changed, and my MSN-Messenger isnt working right. Can anyone please help me?
Best Regards
EENTH



Logfile of HijackThis v1.99.1
Scan saved at 14:36:27, on 03.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\dfndrff_e46a.exe
C:\kybrdff_e46.exe
C:\nwnmff_e46.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\Logitech\MouseWare\system\em_exec.exe
C:\Programfiler\MicroStar\WLANUtility\WlanUtility.exe
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\MicroStar\WLANUtility\WLAN_Service.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\bin\niu.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\Privat\LOKALE~1\Temp\Rar$EX00.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F481B98D-682C-46FE-8526-649B84157A05} - C:\Programfiler\MSN Gaming Zone\sadepocas.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e46a.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e46.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e46.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WlanUtility.lnk = C:\Programfiler\MicroStar\WLANUtility\WlanUtility.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1113418839656
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

Advertisements

#2
Buckeye_Sam
Posted 03 November 2006 - 01:34 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:



Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#3
EENTH
Posted 10 November 2006 - 08:23 AM

EENTH

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello again, heres the log:

Privat - 06-11-10 15:19:17,56 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Privat\Skrivebord"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\teller2.chk
C:\dfndrff_e35.exe
C:\dfndrff_e41.exe
C:\dfndrff_e42.exe
C:\dfndrff_e45.exe
C:\dfndrff_e46a.exe
C:\dfndrff_e48.exe
C:\dfndrff_e50.exe
C:\dfndrff_e51.exe
C:\dfndrff_e52.exe
C:\dfndrff_e53.exe
C:\dfndrff_e54.exe
C:\drsmartload.exe
C:\deskbar_e34.exe
C:\deskbar_e37.exe
C:\deskbar_e41.exe
C:\deskbar_e42.exe
C:\deskbar_e45.exe
C:\deskbar_e46.exe
C:\deskbar_e48.exe
C:\deskbar_e50.exe
C:\deskbar_e51.exe
C:\deskbar_e52.exe
C:\deskbar_e53.exe
C:\kybrdff_e41.exe
C:\kybrdff_e42.exe
C:\kybrdff_e45.exe
C:\kybrdff_e46.exe
C:\kybrdff_e48.exe
C:\kybrdff_e50.exe
C:\kybrdff_e51.exe
C:\kybrdff_e52.exe
C:\kybrdff_e53.exe
C:\MTE3NDI6ODoxNgMTE3NDI6ODoxNg.exe
C:\nwnmff_e41.exe
C:\nwnmff_e42.exe
C:\nwnmff_e45.exe
C:\nwnmff_e46.exe
C:\nwnmff_e48.exe
C:\nwnmff_e51.exe
C:\nwnmff_e52.exe
C:\nwnmff_e53.exe
C:\Documents and Settings\Privat\Lokale innstillinger\Temporary Internet Files\Content.IE5\ID2FYNIJ\dfndrff_e_uit[1].exe
C:\Documents and Settings\Privat\Lokale innstillinger\Temporary Internet Files\Content.IE5\KXGHIDQ9\drsmartload44a[1].exe
C:\Documents and Settings\Privat\Lokale innstillinger\Temporary Internet Files\Content.IE5\ID2FYNIJ\deskbar_e[1].exe
C:\Documents and Settings\Privat\Lokale innstillinger\Temporary Internet Files\Content.IE5\KXGHIDQ9\deskbar_e[1].exe
C:\ac3_0010.exe
C:\RDFX4.exe
C:\Programfiler\Fellesfiler\Yazzle1122OinAdmin.exe
C:\Programfiler\Fellesfiler\Yazzle1122OinUninstaller.exe
C:\mc44a48.exe
C:\windows.exe
C:\Programfiler\Inetget2
C:\Programfiler\Fellesfiler\{24800207-0757-1044-0516-03061103002f}
C:\Programfiler\Fellesfiler\{34800207-0757-1044-0516-03061103002f}


((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-09 20:23 434,176 --a------ C:\windows_e53.exe
2006-11-08 18:06 430,080 --a------ C:\windows_e52.exe
2006-11-08 00:11 442,368 --a------ C:\windows_e51.exe
2006-11-03 00:00 28,672 --a------ C:\mc44a46.exe
2006-11-03 00:00 19,456 --a------ C:\DXC9.exe
2006-11-03 00:00 143,360 --a------ C:\yz02.exe
2006-10-29 20:00 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-29 17:06 20,480 --a------ C:\WINDOWS\system32\tut.exe
2006-10-23 19:02 113,664 --a------ C:\WINDOWS\system32\speedy.exe
2006-10-22 13:37 113,664 --a------ C:\WINDOWS\system32\goll.exe
2006-10-22 13:36 113,664 --a------ C:\WINDOWS\goll.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 15:20 -------- d-------- C:\Programfiler\Fellesfiler
2006-11-10 15:15 -------- d-------- C:\Programfiler\Steam
2006-11-10 15:12 -------- d-------- C:\Programfiler\Mozilla Firefox
2006-11-08 18:06 -------- d-------- C:\Programfiler\MSN Messenger
2006-11-03 00:00 -------- d-------- C:\Programfiler\MSN Gaming Zone
2006-10-29 20:18 -------- d-------- C:\Documents and Settings\Privat\Programdata\uTorrent
2006-10-28 10:41 -------- d-------- C:\Programfiler\Silkroad
2006-10-22 15:13 -------- d-------- C:\Documents and Settings\Privat\Programdata\Help
2006-10-22 14:27 -------- d---s---- C:\Documents and Settings\Privat\Programdata\Microsoft
2006-10-16 18:06 -------- d-------- C:\Programfiler\iTunes
2006-10-16 18:06 -------- d-------- C:\Documents and Settings\Privat\Programdata\Apple Computer
2006-10-16 18:05 -------- d-------- C:\Programfiler\QuickTime
2006-10-16 18:05 -------- d-------- C:\Programfiler\iPod
2006-10-16 18:04 -------- d-------- C:\Programfiler\Apple Software Update
2006-10-07 23:15 -------- d-------- C:\Programfiler\Paint.NET
2006-10-07 20:56 -------- d-------- C:\Programfiler\Internet Explorer
2006-10-07 18:41 -------- d-------- C:\Documents and Settings\Privat\Programdata\Leadertech
2006-10-07 17:33 -------- d-------- C:\Documents and Settings\Privat\Programdata\AdobeUM
2006-10-07 17:33 -------- d-------- C:\Documents and Settings\Privat\Programdata\AdobeAUM
2006-10-07 17:33 -------- d-------- C:\Documents and Settings\Privat\Programdata\Adobe
2006-10-06 20:56 -------- d-------- C:\Programfiler\Fellesfiler\Adobe
2006-10-05 14:18 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-10-05 14:15 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-05 13:49 -------- d-------- C:\Programfiler\EA GAMES
2006-10-05 13:27 -------- d-------- C:\Programfiler\WinRAR
2006-10-04 20:20 -------- d--h----- C:\Programfiler\InstallShield Installation Information
2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 16:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-19 09:23 1906 --a------ C:\Documents and Settings\Privat\Programdata\AdobeDLM.log
2006-08-19 09:23 0 --a------ C:\Documents and Settings\Privat\Programdata\dm.ini
2006-08-16 13:00 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programfiler\\Messenger\\msmsgs.exe\" /background"
"Steam"="\"C:\\Programfiler\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="C:\\Programfiler\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"
"Adobe Photo Downloader"="\"C:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programfiler\\iTunes\\iTunesHelper.exe\""
"windows"="C:\\\\windows_e53.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min gjeldende hjemmeside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Programfiler\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-10 15:21:07.10
C:\ComboFix.txt ... 06-11-10 15:21

Best Regards
EENTH
  • 0

#4
Buckeye_Sam
Posted 11 November 2006 - 01:43 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\windows_e53.exe
    C:\windows_e52.exe
    C:\windows_e51.exe
    C:\mc44a46.exe
    C:\DXC9.exe
    C:\yz02.exe
    C:\WINDOWS\system32\tut.exe
    C:\WINDOWS\system32\speedy.exe
    C:\WINDOWS\system32\goll.exe
    C:\WINDOWS\goll.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.


==============



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

==============


Also post a new hijackthis log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP