Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

spyware/trojans [RESOLVED]

Started by helpneeder , May 24 2005 08:48 AM

  • This topic is locked This topic is locked

#1
helpneeder
Posted 24 May 2005 - 08:48 AM

helpneeder

    New Member

  • Member
  • Pip
  • 3 posts
Having lods of problems :tazz:
have these 2 files assest.dll, frennk.dll cant remove them
also homepage automatically set to some sites like presearchforyou,search-x
also files like atiupld, cmd32 were created (deleted them)
norton got disabled
having lots of hangups
at first icons were also created on desktop but not now
what do i do?????????????????????????

please somebody ;) it will be appreciated
  • 0

Advertisements

#2
greyknight17
Posted 24 May 2005 - 09:07 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please read the first link in my signature (see very bottom) and follow the steps there. Post the HijackThis log here when ready.
  • 0

#3
helpneeder
Posted 09 June 2005 - 08:12 AM

helpneeder

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry for the very late reply had problems with the net connection but got it corrected now heres the HJT log but I did not enable all the startup items so i'll post a startup log too. Also now I've got broadband and have new problems, there are many errors in calc , packager , explorer while on the net , there is another file ceres.dll .hope you can :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 7:57:32 PM, on 6/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\EXPLORER.EXE
D:\WUTEMP\COM_MICROSOFT.Q313829_W98_5285\Q313829.EXE
C:\WINDOWS\TEMP\IXP000.TMP\VERINST.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
E:\TOOLS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\TOOLS\SPYBOT~1\SDHELPER.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [DelIE4SetupDir] rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\SYSTEM\ie4setup,1
O4 - HKLM\..\RunOnce: [RunOnceEx] rundll32.exe C:\WINDOWS\SYSTEM\iernonce.dll,RunOnceExProcess
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKLM\..\RunOnce: [885492] C:\WINDOWS\INF\unregmp2.exe
O4 - HKLM\..\RunOnce: [Registering itss.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll
O4 - HKLM\..\RunOnce: [RegTLib] C:\WINDOWS\RegTLib.exe C:\WINDOWS\SYSTEM\StdOle2.Tlb
O4 - HKLM\..\RunOnce: [Registering xenroll.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s xenroll.dll
O4 - HKLM\..\RunOnce: [Registering hhctrl.ocx..] C:\WINDOWS\SYSTEM\regsvr32 /s hhctrl.ocx
O4 - HKLM\..\RunOnce: [Registering itircl.dll..] C:\WINDOWS\SYSTEM\regsvr32 /s itircl.dll
O4 - HKCU\..\RunOnce: [^SetupICWDesktop] C:\PROGRA~1\INTERN~1\Connection Wizard\icwconn1.exe /desktop
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\1\Launcher.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://F:\VISUAL~9\VJ98\VSTUDIO6.CAB
O16 - DPF: Microsoft WFC Forms Designer - file://F:\VISUAL~9\VJ98\WFCFORMS.CAB
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O21 - SSODL: MgqtOykb - {076118EC-ADCB-B246-B620-49984D468F48} - C:\WINDOWS\SYSTEM\EILF.DLL

++++++++++++++++++++++++++++++++++++++++++++++++++
startup log---

StartupList report, 6/9/05, 7:57:56 PM
StartupList version: 1.52.2
Started from : E:\TOOLS\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\EXPLORER.EXE
D:\WUTEMP\COM_MICROSOFT.Q313829_W98_5285\Q313829.EXE
C:\WINDOWS\TEMP\IXP000.TMP\VERINST.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
E:\TOOLS\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Webshots.lnk = E:\Program Files\Webshots\1\Launcher.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Symantec Core LC = C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

DelIE4SetupDir = rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\SYSTEM\ie4setup,1
RunOnceEx = rundll32.exe C:\WINDOWS\SYSTEM\iernonce.dll,RunOnceExProcess
BrandClearStubs = RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
GrpConv = grpconv.exe -o
885492 = C:\WINDOWS\INF\unregmp2.exe
Registering itss.dll.. = C:\WINDOWS\SYSTEM\regsvr32 /s itss.dll
RegTLib = C:\WINDOWS\RegTLib.exe C:\WINDOWS\SYSTEM\StdOle2.Tlb
Registering xenroll.dll.. = C:\WINDOWS\SYSTEM\regsvr32 /s xenroll.dll
Registering hhctrl.ocx.. = C:\WINDOWS\SYSTEM\regsvr32 /s hhctrl.ocx
Registering itircl.dll.. = C:\WINDOWS\SYSTEM\regsvr32 /s itircl.dll

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE
NVSvc = C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
NPFMonitor = C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

^SetupICWDesktop = C:\PROGRA~1\INTERN~1\Connection Wizard\icwconn1.exe /desktop

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

[103]
080 = C:\WINDOWS\SYSTEM\rsaenh.dll|DllRegisterServer
= Security
019 = C:\WINDOWS\SYSTEM\csseqchk.dll|DllRegisterServer
015 = C:\WINDOWS\SYSTEM\thumbvw.dll|DllRegisterServer
001 = C:\WINDOWS\SYSTEM\dssbase.dll|DllRegisterServer
003 = C:\WINDOWS\SYSTEM\initpki.dll|DllInstall|I,A
004 = C:\WINDOWS\SYSTEM\pstores.exe -install
005 = C:\WINDOWS\SYSTEM\initpki.dll|DllInstall|I,U
002 = C:\WINDOWS\SYSTEM\rsabase.dll|DllRegisterServer
000 = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ieuinit.inf,BackupCryptoKeys.Win,,36

[104]
035 = grpconv -o
030 = C:\Program Files\Common Files\Microsoft Shared\MSInfo\ieinfo5.ocx|DllRegisterServer
028 = C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll|DllRegisterServer
029 = C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx|DllRegisterServer
= System Services
007 = C:\WINDOWS\SYSTEM\inseng.dll|DllRegisterServer
008 = C:\WINDOWS\SYSTEM\iesetup.dll|DllInstall|i
027 = C:\Program Files\Internet Explorer\hmmapi.dll|DllRegisterServer
020 = C:\WINDOWS\SYSTEM\cryptdlg.dll|DllRegisterServer
002 = C:\WINDOWS\SYSTEM\actxprxy.dll|DllRegisterServer
003 = C:\WINDOWS\SYSTEM\dispex.dll|DllRegisterServer
014 = C:\WINDOWS\SYSTEM\occache.dll|DllRegisterServer
015 = C:\WINDOWS\SYSTEM\occache.dll|DllInstall|i
024 = C:\WINDOWS\SYSTEM\iepeers.dll|DllRegisterServer

[101]
030 = C:\WINDOWS\SYSTEM\shdoc401.dll|DllRegisterServer
031 = C:\WINDOWS\SYSTEM\shdoc401.dll|DllInstall|i
= Browsing Services
020 = C:\WINDOWS\SYSTEM\asctrls.ocx|DllRegisterServer
000 = C:\WINDOWS\SYSTEM\oleaut32.dll|DllRegisterServer
008 = C:\WINDOWS\SYSTEM\shdocvw.dll|DllInstall|I
011 = C:\WINDOWS\SYSTEM\shdocvw.dll|DllInstall|I,ForceAssoc
007 = C:\WINDOWS\SYSTEM\shdocvw.dll|DllRegisterServer
004 = C:\WINDOWS\SYSTEM\browseui.dll|DllRegisterServer
005 = C:\WINDOWS\SYSTEM\browseui.dll|DllInstall|I
010 = C:\WINDOWS\SYSTEM\browsewm.dll|DllRegisterServer
013 = C:\WINDOWS\SYSTEM\msrating.dll|DllRegisterServer
002 = C:\WINDOWS\SYSTEM\mlang.dll|DllRegisterServer
036 = C:\WINDOWS\SYSTEM\dxtrans.dll|DllRegisterServer
037 = C:\WINDOWS\SYSTEM\dxtmsft.dll|DllRegisterServer
014 = C:\WINDOWS\SYSTEM\hlink.dll|DllRegisterServer
035 = C:\WINDOWS\SYSTEM\mstime.dll|DllRegisterServer
012 = C:\WINDOWS\SYSTEM\mshtml.dll|DllRegisterServer
027 = C:\WINDOWS\SYSTEM\mshtmled.dll|DllRegisterServer
009 = C:\WINDOWS\SYSTEM\urlmon.dll|DllRegisterServer
017 = C:\WINDOWS\SYSTEM\plugin.ocx|DllRegisterServer
018 = C:\WINDOWS\SYSTEM\sendmail.dll|DllRegisterServer
003 = C:\WINDOWS\SYSTEM\comctl32.dll|DllInstall|i
021 = C:\WINDOWS\SYSTEM\inetcpl.cpl|DllInstall|i
022 = C:\WINDOWS\SYSTEM\mshtml.dll|DllInstall|i
028 = C:\WINDOWS\SYSTEM\scrobj.dll|DllRegisterServer
033 = C:\WINDOWS\SYSTEM\proctexe.ocx|DllRegisterServer
034 = C:\WINDOWS\SYSTEM\mshta.exe /register
029 = C:\WINDOWS\SYSTEM\corpol.dll|DllRegisterServer

[102]
= Internet Tools
001 = C:\WINDOWS\SYSTEM\jscript.dll|DllRegisterServer
008 = C:\WINDOWS\SYSTEM\msxml.dll|DllRegisterServer
009 = C:\WINDOWS\SYSTEM\msxml3.dll|DllRegisterServer
002 = C:\WINDOWS\SYSTEM\imgutil.dll|DllRegisterServer

[100]
001 = C:\WINDOWS\SYSTEM\setupwbv.dll|SetDefBrowserInfo|
000 = C:\WINDOWS\SYSTEM\wininet.dll|DeleteIE3Cache|
005 = C:\WINDOWS\SYSTEM\atl.dll|DllRegisterServer

[500]
003 = C:\WINDOWS\SYSTEM\wininet.dll|DllInstall|i,HKLM
010 = C:\WINDOWS\SYSTEM\urlmon.dll|DllInstall|i,HKLM
002 = C:\WINDOWS\SYSTEM\digest.dll|DllInstall|i,HKLM

[090]
050 = rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\SYSTEM\dacui.dll
054 = rundll32.exe advpack.dll,DelNodeRunDLL32 C:\WINDOWS\Catroot\icatalog.mdb

[Depend]
oleaut32 = C:\WINDOWS\SYSTEM\oleaut32.dll
urlmon = C:\WINDOWS\SYSTEM\urlmon.dll
wininet = C:\WINDOWS\SYSTEM\wininet.dll

[990]
000 = C:\WINDOWS\SYSTEM\mstinit.exe /setup

[800]
000 = C:\WINDOWS\SYSTEM\cdfview.dll|DllRegisterServer
001 = C:\WINDOWS\SYSTEM\webcheck.dll|DllRegisterServer
002 = C:\WINDOWS\SYSTEM\mobsync.dll|DllRegisterServer

[801]
000 = C:\WINDOWS\SYSTEM\pngfilt.dll|DllRegisterServer
001 = C:\WINDOWS\SYSTEM\licmgr10.dll|DllRegisterServer

[802]
000 = C:\WINDOWS\SYSTEM\hhctrl.ocx|DllRegisterServer

[803]
000 = C:\WINDOWS\SYSTEM\inetcfg.dll|DllRegisterServer
001 = C:\PROGRA~1\INTERN~1\Connection Wizard\trialoc.dll|DllRegisterServer

[804]
000 = C:\WINDOWS\SYSTEM\tdc.ocx|DllRegisterServer
001 = C:\WINDOWS\SYSTEM\MSR2C.DLL|DllRegisterServer

[805]
000 = C:\WINDOWS\SYSTEM\msident.dll|DllRegisterServer

[806]
000 = C:\WINDOWS\SYSTEM\msoeacct.dll|DllRegisterServer
001 = C:\Program Files\Common Files\System\wab32.dll|DllRegisterServer
002 = C:\PROGRA~1\OUTLOO~1\wabimp.dll|DllRegisterServer
003 = C:\PROGRA~1\OUTLOO~1\wabfind.dll|DllRegisterServer

[807]
000 = C:\PROGRA~1\OUTLOO~1\oemiglib.dll|DllRegisterServer
001 = C:\Program Files\Common Files\System\directdb.dll|DllRegisterServer

[808]
000 = C:\WINDOWS\SYSTEM\inetcomm.dll|DllRegisterServer
001 = C:\PROGRA~1\OUTLOO~1\msoe.dll|DllRegisterServer
002 = C:\PROGRA~1\OUTLOO~1\oeimport.dll|DllRegisterServer

[809]
000 = C:\PROGRA~1\COMMON~1\MICROS~1\VGX\vgx.dll|DllRegisterServer

[810]
000 = C:\WINDOWS\SYSTEM\jscript.dll|DllRegisterServer
001 = C:\WINDOWS\SYSTEM\vbscript.dll|DllRegisterServer
002 = C:\WINDOWS\SYSTEM\scrrun.dll|DllRegisterServer
003 = C:\WINDOWS\SYSTEM\scrobj.dll|DllRegisterServer
004 = C:\WINDOWS\SYSTEM\wshom.ocx|DllRegisterServer
005 = C:\WINDOWS\SYSTEM\wshext.dll|DllRegisterServer

[901]
Register JavaCypt = regsvr32.exe /s C:\WINDOWS\SYSTEM\javacypt.dll
Register JavaPrxy = regsvr32.exe /s C:\WINDOWS\SYSTEM\javaprxy.dll
Register MSAwt = regsvr32.exe /s C:\WINDOWS\SYSTEM\msawt.dll
Register MSJava = regsvr32.exe /s C:\WINDOWS\SYSTEM\msjava.dll
Register VMHelper = regsvr32.exe /s C:\WINDOWS\SYSTEM\vmhelper.dll
InitPKI = regsvr32.exe /s /n /i:u initpki.dll

[902]
Install Class Files = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\classes\classes.zip,1,5,00,3810,4,286,C:\WINDOWS\Java\classes\classes.cer
Install MSJDBC = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\classes\msjdbc.zip,1,5,00,3810,4,286,C:\WINDOWS\java\classes\msjdbc.cer
Install Trusted Class Files = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\trustlib\tclasses.zip,1,5,00,3810,6,286,C:\WINDOWS\java\trustlib\tclasses.cer
Register_JDBGmgr = C:\WINDOWS\SYSTEM\jdbgmgr.exe -regserver
Install WFC Class Files = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\classes\wfc.zip,1,1,00,8475,6,286,C:\WINDOWS\Java\classes\wfc.cer,,1

[903]
Install Dx3 Class Files = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\classes\dx3.zip,1,5,00,3810,6,286,C:\WINDOWS\java\classes\dx3.cer
Register DX3J = regsvr32.exe /s C:\WINDOWS\SYSTEM\dx3j.dll
Install XML = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\classes\xmldso.cab,0,0,0,0,4,282
Install OSP = rundll32 C:\WINDOWS\SYSTEM\msjava.dll,JavaPkgMgr_Install C:\WINDOWS\Java\classes\osp.zip,1,3,99,0101,2,287

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 9/6/2005, 19:49:34)

[Rename]
NUL=C:\WINDOWS\SYSTEM\RSAENH.DLL
C:\WINDOWS\SYSTEM\RSAENH.DLL=C:\WINDOWS\SYSTEM\SETE041.TMP
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SETE050.TMP
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SETE051.TMP
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIP32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTNET.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\MSXMLA.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLA.DLL
C:\WINDOWS\SYSTEM\MSXMLR.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLR.DLL
C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML.DLL
C:\WINDOWS\SYSTEM\MSXML3R.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3R.DLL
C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\WLDAP32.DLL
C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSTIME.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\MSRATELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATELC.DLL
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2A4.TMP
C:\WINDOWS\SYSTEM\ADVPACK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2B2.TMP
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2B5.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C0.TMP
C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C2.TMP
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C3.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C4.TMP
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C5.TMP
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C6.TMP
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2C7.TMP
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2D1.TMP
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2D2.TMP
C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2D3.TMP
C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2D4.TMP
C:\WINDOWS\SYSTEM\IMGUTIL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2D5.TMP
C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME2E4.TMP
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME305.TMP
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME310.TMP
C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME311.TMP
C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME312.TMP
C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME313.TMP
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME315.TMP
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACME316.TMP
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SETF051.TMP
NUL=C:\WINDOWS\SYSTEM\SENS.DLL
C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SETF053.TMP
NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL
C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SETF054.TMP
NUL=C:\WINDOWS\SYSTEM\ES.DLL
C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SETF055.TMP
NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\SETF056.TMP
NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SETF060.TMP
NUL=C:\WINDOWS\SYSTEM\PNGFILT.DLL
C:\WINDOWS\SYSTEM\PNGFILT.DLL=C:\WINDOWS\SYSTEM\SETF073.TMP
C:\WINDOWS\SYSTEM\dispex.dll=C:\WINDOWS\SYSTEM\dispex.001
C:\WINDOWS\SYSTEM\jscript.dll=C:\WINDOWS\SYSTEM\jscript.001
C:\WINDOWS\SYSTEM\vbscript.dll=C:\WINDOWS\SYSTEM\vbscript.001
C:\WINDOWS\SYSTEM\888113.qfe=C:\WINDOWS\SYSTEM\hlink.dll
C:\WINDOWS\SYSTEM\hlink.dll=C:\WINDOWS\SYSTEM\hlink.001
C:\WINDOWS\SYSTEM\javacypt.dll=C:\WINDOWS\SYSTEM\javacypt.001
C:\WINDOWS\SYSTEM\msjava.dll=C:\WINDOWS\SYSTEM\msjava.001
C:\WINDOWS\SYSTEM\vmhelper.dll=C:\WINDOWS\SYSTEM\vmhelper.001
C:\WINDOWS\SYSTEM\jscript.dll=C:\WINDOWS\SYSTEM\jscript.002
C:\WINDOWS\SYSTEM\crypt32.dll=C:\WINDOWS\SYSTEM\crypt32.001
C:\WINDOWS\SYSTEM\schannel.dll=C:\WINDOWS\SYSTEM\schannel.001
C:\WINDOWS\SYSTEM\softpub.dll=C:\WINDOWS\SYSTEM\softpub.001
C:\WINDOWS\SYSTEM\msnet32.dll=C:\WINDOWS\SYSTEM\msnet32.001
C:\WINDOWS\SYSTEM\vbscript.dll=C:\WINDOWS\SYSTEM\vbscript.002
C:\WINDOWS\SYSTEM\shell32.dll=C:\WINDOWS\SYSTEM\shell32.001

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 9/6/2005, 17:11:10)

[Rename]
C:\WINDOWS\SYSTEM\SYMNETI.DLL=C:\WINDOWS\SYSTEM\TBMB083.TMP
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IDSAUX.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IDSAUX.___
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\SYMIDSLU.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\SYMIDSLU.___

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

PATH C:\WINDOWS;C:\WINDOWS\COMMAND;E:\FPD26;C:\FPD26;D:\FPD26;C:\BITWARE\;E:\MSSQL7\BINN
SET CLASSPATH="E:\Program Files\JavaSoft\JRE\1.3.1_03\lib\ext\QTJava.zip"
SET QTJAVA="E:\Program Files\JavaSoft\JRE\1.3.1_03\lib\ext\QTJava.zip"

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - E:\TOOLS\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\CERES.DLL - {00000049-8F91-4D9C-9573-F016E7626484}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Tune-up Application Start.job
Norton AntiVirus - Scan my computer - Rohan.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...B?1063386600770

[WSDownloader Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSDOWN~1.OCX
CODEBASE = http://www.webshots....SDownloader.ocx

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macr...director/sw.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
MgqtOykb: C:\WINDOWS\SYSTEM\EILF.DLL

--------------------------------------------------
End of report, 19,875 bytes
Report generated in 0.086 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
+++++++++++++++++++++++++++++++++++++++++++++++++++++
  • 0

#4
greyknight17
Posted 09 June 2005 - 01:12 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No need for the startuplist unless we ask for it. Just the HijackThis log will do.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Right click on this link -> http://www.bleepingc...g/smitfraud.reg and save that file. Double click on it and click on Yes when it asks you if you want to merge it into the registry. Once that's done, right click on your Desktop and go to Properties. Next go to Desktop tab->Customize Desktop button->Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK.

Go to Start->-Control Panel->Add or Remove Programs and remove/uninstall the following programs, if found:

Security iGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with red circle with a white X. Confirm to delete and when asked if you want to reboot now, say no:

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system\hhk.dll
C:\Windows\System\wldr.dll
C:\Windows\System\helper.exe
C:\Windows\System\intmon.exe
C:\Windows\System\shnlog.exe
C:\Windows\System\intmonp.exe
C:\Windows\System\msmsgs.exe
C:\Windows\system\msole32.exe
C:\Windows\system\ole32vbs.exe
C:\WINDOWS\CERES.DLL
C:\WINDOWS\SYSTEM\nvsvc.exe
C:\WINDOWS\SYSTEM\EILF.DLL

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Delete these folders if they exist:

C:\Program Files\Search Maid\
C:\Program Files\Virtual Maid\
C:\Windows\System32\Log Files\
C:\Program Files\Security iGuard\

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O9 - Extra button: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5AB92CA0-C7EA-11D9-A4ED-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O15 - Trusted IP range: 67.19.185.246
O21 - SSODL: MgqtOykb - {076118EC-ADCB-B246-B620-49984D468F48} - C:\WINDOWS\SYSTEM\EILF.DLL

Close HijackThis.

Restart your computer.

1. Download Hoster http://www.greyknigh.../spy/Hoster.exe and run it. Choose the 'Restore Original Hosts' button and press OK. Close the program.

2. Right click on this link -> http://mvps.org/winh.../DelDomains.inf and select Save As to download WinHelp2002's DelDomains.inf. Save the file to the Desktop. To run the inf file, right click on it and select Install. Note: This will remove all entries in the 'Trusted Zone' and 'Ranges' also.

3. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

4. Run an online scan at http://www.pandasoft...com/activescan/ and save the results from the scan!

Restart and post a new HijackThis log along with the results from ActiveScan.
  • 0

#5
helpneeder
Posted 14 June 2005 - 02:43 AM

helpneeder

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I am sorry for any trouble caused and thanks anyway for your trouble.
I had so many errors on my PC i got it formatted so if there are any measures still to be taken please tell me.&thanks
  • 0

#6
greyknight17
Posted 14 June 2005 - 04:38 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Sorry to hear about that. OK, since you are starting in a fresh state now, do this:

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP