[billysue03]

Alright so here's the deal. I clicked an IM link that said about looking at updated pictures without thinking about it.

Something obviously downloaded and I have some kind of virus/spyware at this point. I don't know what it is as I'm not seeing anything wrong at this point. I do have the most updated version of Mcafee and it hasn't found anything.

I do have ad-aware. I'm in the process of using the Panda ActiveScan and so far apparently i've got 17 infected files and it's been running for the last hour or so.

I've also included a hijack this log if anyone has any insights for me it would be very appreciated.

Thanks

Attached Files

•  hijackthis_v1.txt   8.27KB   149 downloads

[Advertisements]

Hello there!

I'm so sorry you've had such a long wait! Please post a fresh HijackThis log if you still need help & I'll be right with you.

[meeeeeeeeee]

Hello there!

I'm so sorry you've had such a long wait! Please post a fresh HijackThis log if you still need help & I'll be right with you.

[billysue03]

Hey,

No worries, thanks for the help. I'm not sure if i've gotten rid of it at this point or not. Let me know what you think.

Thanks!

Attached Files

•  hijackthis_v3.txt   8.35KB   126 downloads

[meeeeeeeeee]

Looks like you still have some problems. Let's get you cleaned up!

Let's make sure all hidden files are visible. Use this link for information on how to do this: http://www.xtra.co.n...1916458,00.html

Please select the following with HijackThis. With all windows (including this one!) closed, please select "fix.”


R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - HKLM\..\Run: [ActiveX Loader] D:\WINDOWS\System32\sys.exe
** O4 - HKLM\..\Run: [xwt] D:\WINDOWS\xwt.exe
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ktop-1.jpg.html
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c293.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildt...lim/install.cab

** If you know what this is leave it alone!



Then find and delete the following:

D:\Program Files\Media Access << This folder
** D:\WINDOWS\xwt.exe << This file
D:\WINDOWS\System32\sys.exe << This file

** If you know what this is leave it alone!


Then reboot and post a fresh HijackThis log.

[billysue03]

Alright. Here we go with the fresh log. Let me know what you think.

Thanks

Attached Files

•  hijackthis_v4.txt   8.09KB   81 downloads

[billysue03]

Ok, ignore the previous log. I didn't get them all the first time. Hopefully this one is better.

Attached Files

•  hijackthis_v5.txt   7.51KB   103 downloads

[meeeeeeeeee]

Looks good! How's it acting?