[knaphappy]

Hi!

Below is my log from Hijackthis. Please help me return my computer to normal!!!

Whenever I open my browser, it goes straight to about:blank and I can't change this. I'm also getting lots of pop-ups. I have used Micorsoft Antispyware and Adware-Se to no avail!!

Many thanks

Knaphappy

Logfile of HijackThis v1.99.1
Scan saved at 8:25:41 AM, on 06/08/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Users\AMcLaren\Useful Anti-Spyware Software\hello\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D4C37126-82A9-4BC8-8F3E-D37B2C38D18A} - C:\WINNT\System32\hldd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\users\amclaren\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Handy Backup 4.1] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8130557A-145D-4816-876E-F00F7DF424AF}: NameServer = 192.168.42.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Filter: text/html - {72540713-5D35-40C1-8BCC-173E09AC7C41} - C:\WINNT\System32\hldd.dll
O18 - Filter: text/plain - {72540713-5D35-40C1-8BCC-173E09AC7C41} - C:\WINNT\System32\hldd.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE

[Advertisements]

Hi knaphappy

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet, though.

Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate. Don't run yet

Download sphjfix

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log.

Run sphjfix and post the log

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {D4C37126-82A9-4BC8-8F3E-D37B2C38D18A} - C:\WINNT\System32\hldd.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O18 - Filter: text/html - {72540713-5D35-40C1-8BCC-173E09AC7C41} - C:\WINNT\System32\hldd.dll
O18 - Filter: text/plain - {72540713-5D35-40C1-8BCC-173E09AC7C41} - C:\WINNT\System32\hldd.dll
Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Eset\<--Delete the whole folder
C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll<--Delete this file
C:\WINNT\System32\hldd.dll<--Delete this file
c:\spywarevanisher-free\<--Delete the whole folder
Exit Explorer.

Run Ad-aware se let remove all it finds

Run CWShredder to fix your CWS problem.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Reboot as normal.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc

[knaphappy]

Hi,

Great to have your help. Will get onto your instructions asap and get back to you!

Thanks

Knaphappy

[knaphappy]

Hi Kc,

Things are definately looking up. My browser appears to be back to normal after running sphjfix. I ran hijackthis after sphjfix and all but one of the files you told me to fix/delete were gone already. I also searched for the files you list after the hijackthis section of your post but these are gone too.

My sphjfix log is below:

(6/8/05 10:15:20 AM) SPSeHjFix started v1.1.2
(6/8/05 10:15:20 AM) OS: Win2000 Service Pack 2 (5.0.2195)
(6/8/05 10:15:20 AM) Language: english
(6/8/05 10:15:20 AM) Win-Path: C:\WINNT
(6/8/05 10:15:20 AM) System-Path: C:\WINNT\System32
(6/8/05 10:15:20 AM) Temp-Path: C:\DOCUME~1\fiona\LOCALS~1\Temp\
(6/8/05 10:15:36 AM) Disinfection started
(6/8/05 10:15:36 AM) Bad-Dll(IEP): c:\docume~1\fiona\locals~1\temp\se.dll
(6/8/05 10:15:36 AM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\System32\hldd.dll
(6/8/05 10:15:36 AM) Searchassistant Uninstaller - Keys Deleted
(6/8/05 10:15:36 AM) UBF: 6 - UBB: 2 - UBR: 17
(6/8/05 10:15:36 AM) FilterKey: HKCR\text/html (deleted)
(6/8/05 10:15:36 AM) FilterKey: HKCR\CLSID\{72540713-5D35-40C1-8BCC-173E09AC7C41} (deleted)
(6/8/05 10:15:36 AM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(6/8/05 10:15:36 AM) FilterKey: HKCR\text/plain (deleted)
(6/8/05 10:15:36 AM) FilterKey: HKCR\CLSID\{72540713-5D35-40C1-8BCC-173E09AC7C41} (error while deleting)
(6/8/05 10:15:36 AM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(6/8/05 10:15:36 AM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4C37126-82A9-4BC8-8F3E-D37B2C38D18A} (deleted)
(6/8/05 10:15:36 AM) BHO-Key: HKCR\CLSID\{D4C37126-82A9-4BC8-8F3E-D37B2C38D18A} (deleted)
(6/8/05 10:15:36 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(6/8/05 10:15:36 AM) UBF: 4 - UBB: 1 - UBR: 16
(6/8/05 10:15:36 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(6/8/05 10:15:36 AM) Stealth-String not found
(6/8/05 10:15:36 AM) File added to delete: c:\winnt\system32\hldd.dll
(6/8/05 10:15:36 AM) File added to delete: c:\docume~1\fiona\locals~1\temp\se.dll
(6/8/05 10:15:36 AM) Reboot


(6/8/05 10:18:35 AM) SPSeHjFix started v1.1.2
(6/8/05 10:18:35 AM) OS: Win2000 Service Pack 2 (5.0.2195)
(6/8/05 10:18:35 AM) Language: english
(6/8/05 10:18:35 AM) Win-Path: C:\WINNT
(6/8/05 10:18:35 AM) System-Path: C:\WINNT\System32
(6/8/05 10:18:35 AM) Temp-Path: C:\DOCUME~1\fiona\LOCALS~1\Temp\
(6/8/05 10:20:25 AM) Disinfection started
(6/8/05 10:20:25 AM) Bad-Dll(IEP): c:\docume~1\fiona\locals~1\temp\se.dll
(6/8/05 10:20:25 AM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\System32\hldd.dll
(6/8/05 10:20:25 AM) Searchassistant Uninstaller - Keys Deleted
(6/8/05 10:20:25 AM) UBF: 6 - UBB: 2 - UBR: 17
(6/8/05 10:20:25 AM) FilterKey: HKCR\text/html (deleted)
(6/8/05 10:20:25 AM) FilterKey: HKCR\CLSID\{BDAE2045-5D69-4EC5-AE4E-FA42D2239BBC} (deleted)
(6/8/05 10:20:25 AM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(6/8/05 10:20:25 AM) FilterKey: HKCR\text/plain (deleted)
(6/8/05 10:20:25 AM) FilterKey: HKCR\CLSID\{BDAE2045-5D69-4EC5-AE4E-FA42D2239BBC} (error while deleting)
(6/8/05 10:20:25 AM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(6/8/05 10:20:25 AM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12B1519E-B0BC-427A-B500-127650A6480B} (deleted)
(6/8/05 10:20:25 AM) BHO-Key: HKCR\CLSID\{12B1519E-B0BC-427A-B500-127650A6480B} (deleted)
(6/8/05 10:20:25 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\fiona\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(6/8/05 10:20:25 AM) UBF: 4 - UBB: 1 - UBR: 16
(6/8/05 10:20:25 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona\locals~1\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\fiona\locals~1\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(6/8/05 10:20:25 AM) Stealth-String not found
(6/8/05 10:20:25 AM) File added to delete: c:\winnt\system32\hldd.dll
(6/8/05 10:20:25 AM) File added to delete: c:\docume~1\fiona\locals~1\temp\se.dll
(6/8/05 10:20:25 AM) Reboot


(6/8/05 10:39:41 AM) SPSeHjFix started v1.1.2
(6/8/05 10:39:41 AM) OS: Win2000 Service Pack 2 (5.0.2195)
(6/8/05 10:39:41 AM) Language: english
(6/8/05 10:39:41 AM) Win-Path: C:\WINNT
(6/8/05 10:39:41 AM) System-Path: C:\WINNT\System32
(6/8/05 10:39:41 AM) Temp-Path: C:\DOCUME~1\fiona\LOCALS~1\Temp\


My Ewido scan log below:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:23:21 AM, 06/08/2005
+ Report-Checksum: 8F99535E

+ Date of database: 06/07/2005
+ Version of scan engine: v3.0

+ Duration: 11 min
+ Scanned Files: 44084
+ Speed: 62.89 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
No infected files found!


::Report End



A miracle perhaps...

Thank-you so much for your help

Knaphappy

[knaphappy]

Hi Kc,

Where does the HJT.log come from? What program do I use?

From some reason, the pandascan wont work on my computer. The panda website comes up fine but when I click on the 'scan now' button it brings up the appropriate pop-up but I can't press the 'next' button. On the pop-up, text is overlaying other text.

In light of the above, I ran a trendmicro scan and this came up clean.

Best

Knaphappy