Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer already clean? and some fake questions...

Started by klinz00 , Dec 18 2004 01:26 AM

  • Please log in to reply

#1
klinz00
Posted 18 December 2004 - 01:26 AM

klinz00

    New Member

  • Member
  • Pip
  • 4 posts
Hi...

I'm very new to all of this.
I had to learn because someone (and she doesnt know how) installed about six adware/spyware programs in my computer...

I had to download and run many programs, such as
- ad aware se personal
- spyware stormer
- spy substract
- scan spyware
- spybot
- csshredder
- other i dont remember

my first question is regarding this...
obviously, all of them found different things... that's normal, i suppose...
but then, adaware began detecting spyware, being some of the other programs...
and since adware is one of the more ... mmm, how to say it... official? adaware removals, i tend to trust it...

so, which "spyware detectors" are just fake?
any dangerous one?


and the other is that now none of those programs detect any other spyware
(except for Scan Spyware, that detects these four items, maybe you can help me with them:
* eUniverse.Smiley Land: hosts.bho
I opened it, and it only had 66.40.16.234 autosearch.msn.com
* PowerReg Scheduler: PowerReg.dat
It was empty, so I only erased it
* Grokster mdm.exe
This one puzzles me... any idea?
* It detects a file from a game, Baldur's Gate II registration file, so i ignored it... ok?
)


anyway, i'm not sure my computer is completely clean!!
why?
well, because of one entry in registry:
it is
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Clock

why? because i dont remember that entry
besides, i'm pretty much sure it's changing!!!!
i dont remember the first entry
but i have seen the following values for that key
dpvsetup.exe
netdde.exe
and i just checked it again and now it is C:\winnt\autolfn.exe
(the other two where C:\winnt\system32\...)

is it something or i'm just allucinating?
the only reference i found was
http://computercops....plist-6535.html
but that wasn't exactly my case, just for the netdde.exe


just in case, i'm posting the most recent log from hijackthis...

I hope you can help me

THANKS!

P.S. I hope that the fact that some of the last items are in spanish doesn't hinder my chances for a reply





Logfile of HijackThis v1.99.0
Scan saved at 01:09:51 a.m., on 18/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\ARCHIV~1\Grisoft\AVG6\avgcc32.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\sm56hlpr.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\WINNT\system32\internat.exe
C:\WINNT\netdde.exe
C:\WINNT\explorer.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\papa\Escritorio\spyware\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARCHIV~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Clock] C:\WINNT\autolfn.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .mov: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/s...ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/s...utodetectNT.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{62512E6B-C4C4-49DC-A2B5-F7702AB0CCDD}: NameServer = 148.240.241.9 148.240.241.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78A5065-14AC-4546-97B8-1AEFB3A960C4}: NameServer = 209.47.15.118,64.157.143.38,
O17 - HKLM\System\CS1\Services\Tcpip\..\{62512E6B-C4C4-49DC-A2B5-F7702AB0CCDD}: NameServer = 148.240.241.9 148.240.241.41
O23 - Service: Servicio de alerta - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Administración de aplicaciones - Unknown - C:\WINNT\system32\services.exe
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\ARCHIV~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Examinador de equipos - Unknown - C:\WINNT\System32\services.exe
O23 - Service: 12 - Unknown - 2 (file missing)
O23 - Service: CommServe4 - Unknown - C:\\
O23 - Service: Cliente DHCP - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINNT\System32\dmadmin.exe
O23 - Service: Administrador de discos lógicos - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Cliente DNS - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Registro de sucesos - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Servicio de fax - Unknown - C:\WINNT\system32\faxsvc.exe
O23 - Service: Servidor - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Estación de trabajo - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Servicio de ayuda TCP/IP NetBIOS - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Mensajero - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE de red - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: Inicio de sesión en red - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Proveedor de asistencia de seguridad LM de Windows NT - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Plug and Play - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Agente de directivas IPSEC - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Almacenamiento protegido - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Administrador de cuentas de seguridad - Unknown - C:\WINNT\system32\lsass.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Programador de tareas - Unknown - C:\WINNT\system32\MSTask.exe
O23 - Service: Servicio RunAs - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Regula - Unknown - Puerto (file missing)
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Cliente de seguimiento de vinculos distribuidos - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Administrador de utilidades - Unknown - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horario de Windows - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Instrumental de administración de Windows - Unknown - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Exten. controlador Instrumental de admon. de Windows - Unknown - C:\WINNT\system32\Services.exe
  • 0

Advertisements

#2
klinz00
Posted 18 December 2004 - 01:29 AM

klinz00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
just for reference, i found another log i had made from hijack previously... if you find the same key (clock) you can see it has the value of C:\WINNT\dpvsetup.exe

thanks!




Logfile of HijackThis v1.99.0
Scan saved at 02:03:27 a.m., on 17/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\papa\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG_CC] C:\ARCHIV~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Clock] C:\WINNT\dpvsetup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .mov: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/s...ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/s...utodetectNT.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C78A5065-14AC-4546-97B8-1AEFB3A960C4}: NameServer = 209.47.15.118,64.157.143.38,
O23 - Service: Servicio de alerta - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Administración de aplicaciones - Unknown - C:\WINNT\system32\services.exe
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\ARCHIV~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Examinador de equipos - Unknown - C:\WINNT\System32\services.exe
O23 - Service: 12 - Unknown - 2 (file missing)
O23 - Service: CommServe4 - Unknown - C:\\
O23 - Service: Cliente DHCP - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINNT\System32\dmadmin.exe
O23 - Service: Administrador de discos lógicos - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Cliente DNS - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Registro de sucesos - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Servicio de fax - Unknown - C:\WINNT\system32\faxsvc.exe
O23 - Service: Servidor - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Estación de trabajo - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Servicio de ayuda TCP/IP NetBIOS - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Mensajero - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE de red - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: Inicio de sesión en red - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Proveedor de asistencia de seguridad LM de Windows NT - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Plug and Play - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Agente de directivas IPSEC - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Almacenamiento protegido - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Administrador de cuentas de seguridad - Unknown - C:\WINNT\system32\lsass.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Programador de tareas - Unknown - C:\WINNT\system32\MSTask.exe
O23 - Service: Servicio RunAs - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Regula - Unknown - Puerto (file missing)
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Cliente de seguimiento de vinculos distribuidos - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Administrador de utilidades - Unknown - C:\WINNT\System32\UtilMan.exe
O23 - Service: Horario de Windows - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Instrumental de administración de Windows - Unknown - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: Exten. controlador Instrumental de admon. de Windows - Unknown - C:\WINNT\system32\Services.exe
  • 0

#3
coachwife6
Posted 19 December 2004 - 03:16 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I am replying to the first log you posted. I was a little confused at first. Good catch on the clock issue. :tazz:


You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [MessengerPlus3] \"C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe\"
O4 - HKCU\..\Run: [Clock] = whatever exe its using now

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MessengerPlus3] \"C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe\" /WinStart

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/s...ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/s...utodetectNT.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

O23 - Service: 12 - Unknown - 2 (file missing)
O23 - Service: Regula - Unknown - Puerto (file missing)

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
(Description: This is the Microsoft MSN Queue Manager. There is disagreement over whether it is spying on you or not. Nevertheless, we suggest you check this entry and remove it. Removing this entry will free up some system resources. more information)

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
(Description: Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it, and thus should remove this entry. )

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
(Description: Microsoft Office Startup Assistant. This program loads some Microsoft Office components into memory, even if you're not currently using MS Office. Removing this unnecessary program will free up a considerable amount of system resources. )

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files (if found):

C:\WINNT\system32\internat.exe
C:\WINNT\autolfn.exe
C:\Archivos de programa\Messenger Plus! 3

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.


Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. ;)
  • 0

#4
klinz00
Posted 19 December 2004 - 11:19 PM

klinz00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
thanks for the reply...

just before doing so, i was wondering....
all those programs you ask me to remove are because of Messenger Plus?
Because I like the program and didnt think it could install other software....

so, is it?
i'm just wondering about it before removing it...

thanks again!
  • 0

#5
klinz00
Posted 20 December 2004 - 12:12 PM

klinz00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
oh, and i have another question....

why remove O4 - HKCU\..\Run: [internat.exe] internat.exe

as fas as i know, internat.exe is the one that allows you to change the keyboard language, am i wrong?

please, let me know
  • 0

#6
coachwife6
Posted 20 December 2004 - 12:26 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts

oh, and i have another question....

why remove O4 - HKCU\..\Run: [internat.exe] internat.exe

as fas as i know, internat.exe is the one that allows you to change the keyboard language, am i wrong?

please, let me know

View Post


Read this on messenger plus 3. Do what you want to do.

http://inetexplorer....senger_plus.htm

aboutthe internat.exe - google it and see what you think. You seem to be pretty knowledgeable about your computer. Does it have a zip icon
  • 0

#7
admin
Posted 20 December 2004 - 02:14 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
internat.exe is trouble, internat.dll is legitimate for international keyboard profiles. They're clever those malware authors. :tazz: They disguise files to look legitimate.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP