I will be taking care of this probably tomorrow. give me a day or so - some other issues have come up. my hardware issue is causing my system to have to go to the shop.
ok ? thanks
~Darlene
HELP with a better internet [CLOSED]
Started by
biggddd
, Aug 20 2005 03:13 AM
-
This topic is locked
#16
Posted 24 August 2005 - 12:21 AM
biggddd
- Topic Starter
-
- Member
-
- 20 posts
Member
I will be taking care of this probably tomorrow. give me a day or so - some other issues have come up. my hardware issue is causing my system to have to go to the shop.
ok ? thanks
~Darlene
#17
Posted 24 August 2005 - 12:32 AM
Excal
-
- Retired Staff
-
- 12,739 posts
Malware Slayer Extraordinaire!
Ack!! Ok, the thread will be open 
Good luck!
Excal
Good luck! Excal
#18
Posted 25 August 2005 - 03:59 PM
biggddd
- Topic Starter
-
- Member
-
- 20 posts
Member
Hi Excal
Ok - it looks good now... here is the log. what do ya think??
Logfile of HijackThis v1.99.1
Scan saved at 1:56:06 PM, on 8/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
F:\WINDOWS\System32\CTSvcCDA.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
F:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
F:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
F:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\jonathan\Desktop\HIJACK THIS\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\System32\taskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - F:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [richup] F:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [News Service] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [FSA] F:\WINDOWS\FSA.exe
O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: InterAct Profile Activator.lnk = F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{603F88AB-B73F-46DE-BA7C-066D39462CA6}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
Ok - it looks good now... here is the log. what do ya think??
Logfile of HijackThis v1.99.1
Scan saved at 1:56:06 PM, on 8/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
F:\WINDOWS\System32\CTSvcCDA.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
F:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
F:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
F:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\jonathan\Desktop\HIJACK THIS\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\System32\taskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - F:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [richup] F:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [News Service] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [FSA] F:\WINDOWS\FSA.exe
O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: InterAct Profile Activator.lnk = F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{603F88AB-B73F-46DE-BA7C-066D39462CA6}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
#19
Posted 25 August 2005 - 04:17 PM
Excal
-
- Retired Staff
-
- 12,739 posts
Malware Slayer Extraordinaire!
Looks much better
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
1. Click this link to be sure you can view hidden files.
2. Ensure you are NOT connected to the internet.
3. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
4. Now open and run Ewido:
5. Close all browsers, windows and unneeded programs.
6. Open HiJack and do a scan.
7. Put a Check next to the following items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - F:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [FSA] F:\WINDOWS\FSA.exe
O4 - HKLM\..\Run: [richup] F:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [Dinst] F:\WINDOWS\dinst.exe
8. click the Fix Checked box
9. Please remove just the files from the following paths using Windows Explorer (if present):
F:\WINDOWS\FSA.exe
F:\WINDOWS\System32\richup.exe
F:\WINDOWS\dinst.exe
10. Run the program CleanUp!
11. Reboot into normal mode and please run this online virus scan: Kaspersky - Save the results from the scan!
12. Please post an Kaspersky scan log , Ewido Scan log and a fresh HiJackThis log. Let me know how your computer is running.
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
1. Click this link to be sure you can view hidden files.
2. Ensure you are NOT connected to the internet.
3. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
4. Now open and run Ewido:
- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
- When the scan is finished, look at the bottom of the screen and click the Save report button.
- Save the report to your desktop
5. Close all browsers, windows and unneeded programs.
6. Open HiJack and do a scan.
7. Put a Check next to the following items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - F:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [FSA] F:\WINDOWS\FSA.exe
O4 - HKLM\..\Run: [richup] F:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [Dinst] F:\WINDOWS\dinst.exe
8. click the Fix Checked box
9. Please remove just the files from the following paths using Windows Explorer (if present):
F:\WINDOWS\FSA.exe
F:\WINDOWS\System32\richup.exe
F:\WINDOWS\dinst.exe
10. Run the program CleanUp!
11. Reboot into normal mode and please run this online virus scan: Kaspersky - Save the results from the scan!
12. Please post an Kaspersky scan log , Ewido Scan log and a fresh HiJackThis log. Let me know how your computer is running.
#20
Posted 10 September 2005 - 12:34 AM
Excal
-
- Retired Staff
-
- 12,739 posts
Malware Slayer Extraordinaire!
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
