heidireneeparker
Posted April 10, 2007

I too have this problem. I hope someone can help me out! Here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 6:25:01 AM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Updater.exe
C:\WINDOWS\system32\vexabcla.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ProtEX32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\apivydez.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [vexabcla.exe] C:\WINDOWS\system32\vexabcla.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Protections] C:\WINDOWS\system32\ProtEX32.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S167.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [backupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\DOCUME~1\HEIDIJ~1\LOCALS~1\Temp\E_S1C.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171400076906
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

heidireneeparker
Posted April 10, 2007

I'm sorry to have posted in someone else's topic. I got right to that thread from Google, so I didn't know I was supposed to make my own thread. I have the same problem as the other poster, so it seemed appropriate. I hope someone can still help me! Please?

HJThis
Posted April 11, 2007

Hello, heidireneeparker & Welcome

Yes, you have a number of items that have to go, but first may I ask that you upload some files for me. Once done, post back here with the scan results. Don't fix anything till I have a look at the results.

Go to next site: http://www.virustotal.com/en/indexx.html

On top you'll find 'Browse'.
Click the browse button and browse to next file:

C:\Updater.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

And do the same for the following files.

C:\WINDOWS\system32\vexabcla.exe
C:\WINDOWS\system32\ProtEX32.exe
C:\WINDOWS\system32\apivydez.exe

Gogo

heidireneeparker
Posted April 11, 2007

Hi Gogo, thank you for your help! Here are the results you asked to see:

Complete scanning result of "Updater.exe", received in VirusTotal at 04.11.2007, 22:57:49 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.11.2007 no virus found
AntiVir 7.3.1.50 04.11.2007 no virus found
Authentium 4.93.8 04.11.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.11.2007 no virus found
BitDefender 7.2 04.11.2007 no virus found
CAT-QuickHeal 9.00 04.11.2007 no virus found
ClamAV devel-20070312 04.11.2007 no virus found
DrWeb 4.33 04.11.2007 no virus found
eSafe 7.0.15.0 04.11.2007 no virus found
eTrust-Vet 30.7.3560 04.11.2007 no virus found
Ewido 4.0 04.10.2007 no virus found
FileAdvisor 1 04.11.2007 no virus found
Fortinet 2.85.0.0 04.11.2007 no virus found
F-Prot 4.3.1.45 04.11.2007 no virus found
F-Secure 6.70.13030.0 04.11.2007 no virus found
Ikarus T3.1.1.5 04.11.2007 no virus found
Kaspersky 4.0.2.24 04.11.2007 no virus found
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.11.2007 no virus found
NOD32v2 2182 04.11.2007 no virus found
Norman 5.80.02 04.11.2007 no virus found
Panda 9.0.0.4 04.11.2007 no virus found
Prevx1 V2 04.11.2007 no virus found
Sophos 4.16.0 04.11.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.11.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.10.2007 no virus found
VirusBuster 4.3.7:9 04.11.2007 no virus found
Webwasher-Gateway 6.0.1 04.11.2007 no virus found

Aditional Information
File size: 212992 bytes
MD5: 50d1955bca8825da78fc00f62fbb2b1d
SHA1: fed45a6f55043a80df063122ad683aa2dfb13066

Complete scanning result of "vexabcla.exe", received in VirusTotal at 04.11.2007, 22:59:06 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.11.2007 no virus found
AntiVir 7.3.1.50 04.11.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 04.11.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.11.2007 no virus found
BitDefender 7.2 04.11.2007 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.11.2007 no virus found
DrWeb 4.33 04.11.2007 no virus found
eSafe 7.0.15.0 04.11.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3560 04.11.2007 no virus found
Ewido 4.0 04.10.2007 no virus found
FileAdvisor 1 04.11.2007 no virus found
Fortinet 2.85.0.0 04.11.2007 suspicious
F-Prot 4.3.1.45 04.11.2007 no virus found
F-Secure 6.70.13030.0 04.11.2007 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.5 04.11.2007 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 04.11.2007 Trojan.Win32.Obfuscated.ev
McAfee 5006 04.11.2007 Downloader-AXI
Microsoft 1.2405 04.11.2007 no virus found
NOD32v2 2182 04.11.2007 no virus found
Norman 5.80.02 04.11.2007 no virus found
Panda 9.0.0.4 04.11.2007 no virus found
Prevx1 V2 04.11.2007 no virus found
Sophos 4.16.0 04.11.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.11.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.10.2007 no virus found
VirusBuster 4.3.7:9 04.11.2007 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 04.11.2007 Trojan.Crypt.XPACK.Gen

Aditional Information
File size: 48640 bytes
MD5: 74082131c4624fbf07677699dc33a98b
SHA1: ba355e11aaab910ced0e2de0cbfa68b1a48aeef9
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Complete scanning result of "ProtEX32.exe", received in VirusTotal at 04.11.2007, 22:59:47 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.11.2007 no virus found
AntiVir 7.3.1.50 04.11.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 04.11.2007 no virus found
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.11.2007 no virus found
BitDefender 7.2 04.11.2007 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.11.2007 no virus found
DrWeb 4.33 04.11.2007 no virus found
eSafe 7.0.15.0 04.11.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3560 04.11.2007 no virus found
Ewido 4.0 04.10.2007 no virus found
FileAdvisor 1 04.11.2007 no virus found
Fortinet 2.85.0.0 04.11.2007 suspicious
F-Prot 4.3.1.45 04.11.2007 no virus found
F-Secure 6.70.13030.0 04.11.2007 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.5 04.11.2007 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 04.11.2007 Trojan.Win32.Obfuscated.ev
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.11.2007 no virus found
NOD32v2 2182 04.11.2007 probably unknown NewHeur_PE virus
Norman 5.80.02 04.11.2007 no virus found
Panda 9.0.0.4 04.11.2007 no virus found
Prevx1 V2 04.11.2007 no virus found
Sophos 4.16.0 04.11.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.11.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.10.2007 no virus found
VirusBuster 4.3.7:9 04.11.2007 no virus found
Webwasher-Gateway 6.0.1 04.11.2007 Trojan.Crypt.XPACK.Gen

Aditional Information
File size: 263168 bytes
MD5: 7d8c51f1949c096c38d9cccf2ca687ea
SHA1: e19bec3fad3ded7b74b66cf9b5af6437ba82c418
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Complete scanning result of "apivydez.exe", received in VirusTotal at 04.11.2007, 23:00:18 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.12.0 04.11.2007 no virus found
AntiVir 7.3.1.50 04.11.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 04.11.2007 Possibly a new variant of W32/new-malware!Maximus
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.11.2007 no virus found
BitDefender 7.2 04.11.2007 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.11.2007 no virus found
DrWeb 4.33 04.11.2007 no virus found
eSafe 7.0.15.0 04.11.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3560 04.11.2007 no virus found
Ewido 4.0 04.10.2007 no virus found
FileAdvisor 1 04.11.2007 no virus found
Fortinet 2.85.0.0 04.11.2007 suspicious
F-Prot 4.3.1.45 04.11.2007 W32/new-malware!Maximus
F-Secure 6.70.13030.0 04.11.2007 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.5 04.11.2007 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 04.11.2007 Trojan.Win32.Obfuscated.ev
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.11.2007 Trojan:Win32/Busky.gen
NOD32v2 2182 04.11.2007 a variant of Win32/TrojanDownloader.Busky.AZ
Norman 5.80.02 04.11.2007 no virus found
Panda 9.0.0.4 04.11.2007 no virus found
Prevx1 V2 04.11.2007 no virus found
Sophos 4.16.0 04.11.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.11.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.10.2007 no virus found
VirusBuster 4.3.7:9 04.11.2007 no virus found
Webwasher-Gateway 6.0.1 04.11.2007 Trojan.Crypt.XPACK.Gen

Aditional Information
File size: 77824 bytes
MD5: 0012a82377be01c364d2ec018ab5735b
SHA1: 1fba1406f9d7051c5067b56ff91e6cb5c26c6b41
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

HJThis
Posted April 11, 2007

Hi, heidireneeparker

No thank you

Next

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Viewpoint
Viewpoint Manager
Viewpoint Media Player
MyWay Or MyWeb Search

Note: Please note that these items may need you to do a reboot to complete the uninstall; if so, then please do so.

---------------

View hidden files and folders:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

-----------------

Disable bad service

Start
Run
Type services.msc into the field and press Enter.
A window opens; scroll down to Viewpoint Manager Service
Right-click it and choose Stop
Then choose Properties
Set Startup to Disabled
Click Apply and OK.

------------------

Then, open HijackThis.
Open the Misc Tools section
Delete an NT service
Copy the following line to the box and press OK:

Viewpoint Manager Service

Answer Yes
Close HijackThis

------------------

Run HijackThis Scan and when it finishes, put a check mark only next to these following items (if present):

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [vexabcla.exe] C:\WINDOWS\system32\vexabcla.exe
O4 - HKLM\..\Run: [Protections] C:\WINDOWS\system32\ProtEX32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

------------------

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FILES, FOLDERS (if they exist):

C:\WINDOWS\system32\vexabcla.exe <---This file
C:\WINDOWS\system32\ProtEX32.exe <---This file
C:\WINDOWS\system32\apivydez.exe <---This file
C:\Program Files\Viewpoint\ <---This folder
C:\Program Files\MyWay\ <---This folder

------------------

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:

Navigate to Start | Run and paste the following:

regedit /e c:\registrybackup.reg

Now click OK
It won't appear to be doing anything, that's normal. Your mouse pointer may turn to an hourglass for a minute. Please continue when it no longer has the hourglass.

----------------

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!) (Do not copy the word quote)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vexabcla.exe"=-
"Protections"=-
"apivydez.exe"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Viewpoint Manager Service]

Save this as fix.reg
Choose to save as *all files and place it on your Desktop.
It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

--------------

NOTE: After running the Regfix make sure to do a reboot or Regfix will not work

---------------

Then come back here with a new HijackThis logfile

Gogo
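
Added example, not part of the original thread: a small Python check that compares a "before" and an "after" HijackThis log and confirms that the entries and files named in the fix above are gone. The two sample logs are constructed excerpts built from lines in this thread, and the function names (parse_log, diff_logs, verify_cleanup) are hypothetical.

```python
import re

# Constructed excerpts: a handful of lines taken from the two logs in this
# thread (before and after the fix), not the full logs.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Updater.exe
C:\WINDOWS\system32\vexabcla.exe
C:\WINDOWS\system32\ProtEX32.exe
C:\WINDOWS\system32\apivydez.exe

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [vexabcla.exe] C:\WINDOWS\system32\vexabcla.exe
O4 - HKLM\..\Run: [Protections] C:\WINDOWS\system32\ProtEX32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Updater.exe
C:\WINDOWS\system32\dumprep.exe

O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
"""

# Entries the helper asked to tick in "Fix Checked" (subset used in the excerpt).
FIXED_ENTRIES = [
    r"O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL",
    r"O4 - HKLM\..\Run: [vexabcla.exe] C:\WINDOWS\system32\vexabcla.exe",
    r"O4 - HKLM\..\Run: [Protections] C:\WINDOWS\system32\ProtEX32.exe",
    r"O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe",
]
# Files the helper asked to delete by hand.
DELETED_FILES = [
    r"C:\WINDOWS\system32\vexabcla.exe",
    r"C:\WINDOWS\system32\ProtEX32.exe",
    r"C:\WINDOWS\system32\apivydez.exe",
]

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def norm(text):
    """Collapse whitespace and lowercase, since Windows paths are case-insensitive."""
    return " ".join(text.split()).lower()


def parse_log(text):
    """Return (processes, entries): process paths and (code, body) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False          # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def diff_logs(before_text, after_text):
    """List what disappeared and what newly appeared between two logs."""
    b_procs, b_entries = parse_log(before_text)
    a_procs, a_entries = parse_log(after_text)
    b_lines = [f"{c} - {b}" for c, b in b_entries]
    a_lines = [f"{c} - {b}" for c, b in a_entries]

    def minus(left, right):
        seen = {norm(x) for x in right}
        return [x for x in left if norm(x) not in seen]

    return {
        "removed_entries": minus(b_lines, a_lines),
        "added_entries": minus(a_lines, b_lines),
        "removed_processes": minus(b_procs, a_procs),
        "added_processes": minus(a_procs, b_procs),
    }


def verify_cleanup(after_text, fixed_entries, deleted_files):
    """Return (entries still present, [(file, lines still referencing it)])."""
    procs, entries = parse_log(after_text)
    lines = [f"{c} - {b}" for c, b in entries]
    present = {norm(x) for x in lines}
    leftover_entries = [e for e in fixed_entries if norm(e) in present]
    leftover_refs = []
    for path in deleted_files:
        key = path.lower()
        hits = [p for p in procs if p.lower() == key]
        hits += [x for x in lines if key in x.lower()]
        if hits:
            leftover_refs.append((path, hits))
    return leftover_entries, leftover_refs


if __name__ == "__main__":
    print(diff_logs(BEFORE_LOG, AFTER_LOG))
    print(verify_cleanup(AFTER_LOG, FIXED_ENTRIES, DELETED_FILES))
```

An empty result from verify_cleanup means none of the fixed entries or deleted files shows up in the new log; diff_logs also lists processes that are new in the second log so they can be reviewed.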

heidireneeparker
Posted April 12, 2007

Ok, I've done all that, except for some of the Viewpoint files were not there, so I couldn't delete them. Here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 8:39:17 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Updater.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\dumprep.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S167.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [backupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\DOCUME~1\HEIDIJ~1\LOCALS~1\Temp\E_S1C.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171400076906
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc)
- Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Share this post Link to post Share on other sites

HJThis
Posted April 12, 2007

Hi, heidireneeparker

May I have some feedback? Is the PC doing any better now?

Next

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u1). Please update and remove the older versions. Do the following:

* Go to Start | Control Panel | Add/Remove Programs
* Search in the list for all previously installed versions of Java (J2SE Runtime Environment....). It should have this icon next to it. Select it and click Remove.
* Then download and install the newest version from here (scroll down to find it): Java Runtime Environment (JRE) 6u1.
* Do a reboot

------------------

Again, I need feedback on how the PC is doing.

Gogo
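
The Java finding in the reply above can be read straight from the install paths in the posted HijackThis log. The following is an added example, not part of the original thread and not a HijackThis feature: a small parser that pulls the JRE version out of entry paths and lists the entries HijackThis marked "(file missing)". The function names and the `j2re`/`jre` directory pattern are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Constructed sample: five entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "<section code> - <body>"
# Assumption: Sun JRE install directories look like j2re1.4.2_03 or jre1.6.0_01.
JRE_DIR = re.compile(r"\\Java\\(?:j2re|jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.I)
LATEST = (1, 6, 0, 1)  # JRE 6u1, the version the reply names as current
MISSING = " (file missing)"

def parse(log):
    """Yield (section_code, body) for every entry line; other lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def outdated_java(log, latest=LATEST):
    """Entries whose path points into a JRE directory older than `latest`."""
    hits = []
    for code, body in parse(log):
        m = JRE_DIR.search(body)
        if m:
            version = tuple(int(g or 0) for g in m.groups())
            if version < latest:
                hits.append((code, version))
    return hits

def missing_files(log):
    """Entries HijackThis marked '(file missing)', as (section_code, path)."""
    out = []
    for code, body in parse(log):
        if body.endswith(MISSING):
            out.append((code, body[:-len(MISSING)].rsplit(" - ", 1)[-1]))
    return out

if __name__ == "__main__":
    print(outdated_java(SAMPLE_LOG))
    print(missing_files(SAMPLE_LOG))
```
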

heidireneeparker
Posted April 12, 2007

Everything is running much better. I do not have the false Windows error messages anymore, and the Ultimate Cleaner/Defender window has not returned. It appears all the bad stuff is gone! Thanks so much for all your help! I'll come back if the problems happen again.

HJThis
Posted April 13, 2007

Hi, heidireneeparker

You're welcome, but before you go away, may I ask that you run my last steps, then come back and tell me how it all goes.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Next, let's clean your restore points and set a new one.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * CHECK Turn off System Restore.
   * Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * UN-Check Turn off System Restore.
   * Click Apply, and then click OK.

System Restore will now be active again. Then create a new restore point once you have System Restore back on.

To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore. When the System Restore Utility opens, click "Create a Restore Point", then click Next. Enter a name for this Restore Point, and click Create.

---------------------

For Internet Explorer 7

* Click Start, click Control Panel, and then double-click Internet Options.
* On the General tab, click Delete... under Browsing History.
* Next to Temporary Internet Files, click Delete files, and then click OK.
* Next to Cookies, click Delete cookies, and then click OK.
* Next to History, click Delete history, and then click OK.
* Click the Close button.
* Click OK.

---------------------

Firefox (in case you also have Firefox installed)

* Open Firefox and go to Tools -> Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

---------------------

Make your Internet Explorer more secure. This can be done by following these simple instructions:

1. From within Internet Explorer, click on the Tools menu and then click on Options.
2. Click once on the Security tab.
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
   a. Change the Download signed ActiveX controls to Prompt
   b. Change the Download unsigned ActiveX controls to Disable
   c. Change the Initialize and script ActiveX controls not marked as safe to Disable
   d. Change the Installation of desktop items to Prompt
   e. Change the Launching programs and files in an IFRAME to Prompt
   f. Change the Navigate sub-frames across different domains to Prompt
   g. When all these settings have been made, click on the OK button.
   h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next, press the Apply button and then OK to exit the Internet Properties page.

And please have a look at the great info by Mr,TK: So how did I get infected in the first place

Gogo
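
The six Internet-zone settings in steps 4a to 4f of the post above are stored as per-user registry values, so they can be checked after the fact. This is an added example, not part of the original post: it audits the Internet zone (zone 3) against those six recommendations, assuming the settings live under the current user's `Zones\3` key and are not overridden by policy; `read_zone` and `audit` are names made up for this example.

```python
# Per-user Internet zone (zone 3) settings; assumption: no policy override.
ZONE3 = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3  # DWORD meanings for URL-action values
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "(not set)"}

# Registry value name -> (setting as named in the post, recommended value)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

def read_zone():
    """Read the six values for the current user (Windows only)."""
    import winreg  # imported here so the audit logic also runs off Windows
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3) as key:
        for name in RECOMMENDED:
            try:
                current[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                current[name] = None  # value absent from this key
    return current

def audit(current):
    """Return (value_name, setting, found, wanted) for each deviation."""
    findings = []
    for name, (setting, wanted) in RECOMMENDED.items():
        found = current.get(name)
        if found != wanted:
            findings.append((name, setting, found, wanted))
    return findings

# Constructed sample: a zone where three of the six settings are too permissive.
SAMPLE = {"1001": 0, "1004": 3, "1201": 1, "1800": 1, "1804": 1, "1607": 0}

if __name__ == "__main__":
    import sys
    state = read_zone() if sys.platform == "win32" else SAMPLE
    for name, setting, found, wanted in audit(state):
        shown = LABEL.get(found, found)
        print(f"{name}  {setting}: is {shown}, should be {LABEL[wanted]}")
```
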

heidireneeparker
Posted April 13, 2007

I successfully completed these steps, and everything is still running fine. I will take a look at that page you recommended, thanks!

HJThis
Posted April 14, 2007

Hi, heidireneeparker

This is great news. If you have any more problems, let me know.

Gogo

miekiemoes
Posted May 11, 2007

Since this issue appears resolved ... this Topic is closed. If you need this topic reopened for continuations of existing problems, please request this by sending your helper a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.