Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

what do i do now? [RESOLVED]


  • This topic is locked This topic is locked

#1
otismansfla

otismansfla

    Member

  • Member
  • PipPip
  • 24 posts
I saw a reply about removing trojan-spy.smitfraud.c which is what im suffering from.......My question is what is all the computer jargon that follows in the post.........what am i supposed to do with it? :tazz:
  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi otis,

Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved.

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe
  • 0

#3
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
hello usetobe.........thank you for your reply............yes i still have the problem........but the bigger problem might be my computer illliteracy........i dont know what you mean by telling me to add to the HJT log or how i go about adding to it..............please forgive my ignorance..............any tips as to what i need to do to get rid of this blue screen would be helpful............someone told me about spybot s and d..........i used it and it did rid my system of the 180 search assistant and the make me search problem i had but not with this trojan-spy smitfraud.c.........thank you again for your reply.......... :
  • 0

#4
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi Otis,

Pleae go here and follow these instructions firtst.

Go here first.
  • 0

#5
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:30:15 PM, on 5/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SRVC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\DESKTOP\SSAAD.EXE
C:\WINDOWS\SYSTEM\SERVICES\{5841B113-432E-4EED-B4A8-830216FA5D1C}\SVCHOST.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\FREECELL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\4ZCZKJED\HIJACKTHIS[1].EXE
C:\WINDOWS\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBARBHO.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [Local runole service] C:\WINDOWS\System\srvc32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\WINDOWS\DESKTOP\SSAAD.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{5841B113-432E-4EED-B4A8-830216FA5D1C}\SVCHOST.EXE
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D968526-D110-47C2-999D-6BC4BDC60557} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D968526-D110-47C2-999D-6BC4BDC60557} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {66A927FC-9B05-4BDD-A654-4459EF7FC16A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {66A927FC-9B05-4BDD-A654-4459EF7FC16A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9CDC86D-24FA-4F57-A564-E4CBAF9E957D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9CDC86D-24FA-4F57-A564-E4CBAF9E957D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {45C73EFE-BBAA-42C8-AC11-278567DFE6F4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {45C73EFE-BBAA-42C8-AC11-278567DFE6F4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {56A4F656-D43D-4C8F-96BD-E405F59105F4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {56A4F656-D43D-4C8F-96BD-E405F59105F4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.support.f...oad/tgctlcm.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/...gx/GrooveAX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#6
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi otis,

Lets see if we can clear up this mess.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

I need you open up notepad, to copy all of the Killbox file paths below and paste them into Notepad.

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe


* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBARBHO.DLL
O2- BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\SYSTEM\WER8274.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [Local runole service] C:\WINDOWS\System\srvc32.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{5841B113-432E-4EED-B4A8-830216FA5D1C}\SVCHOST.EXE
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file)
G(N) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file)
G(N) O9 - Extra button: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
G(N) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {5D968526-D110-47C2-999D-6BC4BDC60557} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D968526-D110-47C2-999D-6BC4BDC60557} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {66A927FC-9B05-4BDD-A654-4459EF7FC16A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {66A927FC-9B05-4BDD-A654-4459EF7FC16A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F9CDC86D-24FA-4F57-A564-E4CBAF9E957D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F9CDC86D-24FA-4F57-A564-E4CBAF9E957D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {45C73EFE-BBAA-42C8-AC11-278567DFE6F4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {45C73EFE-BBAA-42C8-AC11-278567DFE6F4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0E72A96-D7E7-4A3B-830B-635CEA97CB5A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {56A4F656-D43D-4C8F-96BD-E405F59105F4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {56A4F656-D43D-4C8F-96BD-E405F59105F4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E6AE8A2F-F4C4-4CD4-A49E-92648BF2AD18} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe


Close HiJackThis.

Now using windows explorer, locate the following files and if found, delete them.

C:\PROGRAM FILES\VIEWPOINT\ <<<----ENTIRE FOLDER
C:\WINDOWS\SYSTEM\WER8274.DLL
C:\WINDOWS\System\srvc32.exe
C:\WINDOWS\SYSTEM\Services\{5841B113-432E-4EED-B4A8-830216FA5D1C}\SVCHOST.EXE
C:\WINDOWS\System\spoolsrv32.exe
C:\WP.EXE
C:\WINDOWS\SYSTEM\WLDR.DLL


Reboot into normal mode.

1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0

#7
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
here are the activescan results. thank you for help. i will let you know if this works.

Attached Files


  • 0

#8
Guest_usetobe_*

Guest_usetobe_*
  • Guest
New HJT log please
  • 0

#9
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I had my teenage son follow the instructions you gave us .........Thank you so much for removing this menace from my computer.........the blue screen is gone and all the make me search problems have disappeared............i think ........we contacted norton anti virus to update our virus protection immediately following your instructions...........while trying to download their program a spybot s +d box appeared asking us if we want to allow certain changes to be allowed to our system..............not knowing which way to reply we denied approval............now we can not use these norton programs..............we contacted norton.......they sent us a process to try to fix this problem.................in running the process the s+ d boxes keep appearing asking us if we will allow changes.........i am totally confused as to what action to take...............also an error box appears on our system that states-....symsetup has caused an errorin ASCOMPBR.DLL.symsetup will now close.*error*.......if you continue to experience problems try restarting your computer-...........what does this mean?any more help will be greatly appreciated and irregardless of any further help you might or might not be able to give i will be glad to make a contribution for your services already rendered...........look forward to your reply.....
  • 0

#10
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi otis,

You can safely allow S&D to make changes, if they relate to norton, whilst you are updating.

The error you are getting relates to Norton as well.

Personally, i would uninstall Norton and download and install a free Antivirus from Grisoft called AVG....it is very good

avg here

Please also rescan your computer with HJT and post the log back so i can make sure there is no more work to do.

Regards,

Usetobe
  • 0

Advertisements


#11
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I am now awaiting a reply back from symantec concerning their instructions on performing a *clean boot*-during the process iam supposed to go to msconfig and select -selective startup-then click on the startup tab and select -*statemgr-.....i cannot find this box in there...........they have not replied yet...have you any suggestions as to how i should proceed?.................thank you very much for all of your help............the computer has been running excellent
  • 0

#12
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
usetobe-i have now sent my norton antivirus to the recycle bin and have downloaded avg per your recommendation-my computer has been working great and the viruses seem to have been removed.Is there another way to send you a donation....i am still not comfortable putting my credit card number on line.should i remove the files avg has sent to the virus vault......should i delete them?the program asks if i am sure i want to delete them or empty the vault.........thank you again also you said i should do another hjl ..........is now the time?............otis
  • 0

#13
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi Otis,

Is there another way to send you a donation....i am still not comfortable putting my credit card number on line.


It doesn't matter about donating, the satisfaction comes by helping you to clean your system and knowing that you are going away happy.

should i remove the files avg has sent to the virus vault......should i delete them?the program asks if i am sure i want to delete them or empty the vault


Yes you can empty and delete the virus vault


you said i should do another hjl


Yes please, post a new HJT log in this thread so that i can give your system the all clear once i have checked it, together with some more good prevention advice
  • 0

#14
otismansfla

otismansfla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
usetobe:please forgive my ignorance once again-what steps do i need to take to post a new log for hjt........do i go back to the begining or start another one from here?.........thank you again for your wonderful help.....ive been bragging about your website to my friends........hope you dont mind............otis
  • 0

#15
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi otis,

Rescan your PC with HJT , copy and paste it into this thread, (that is all you need to do, just the HJT THING AND NOTHING ELSE) you do not need to make a new topic, just click on the reply button, and paste into the white box where you type your replies,

Regards,

Usetobe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP