|
| ||
| Fake spyware screen, screen saver, and pop ups Originally, i clicked a link that started with urlcut.com (i recommend no one clicking any website that starts with urlcut.com, it basically hides the original website address in this) and ended up with 2 kinds of problems: 1st - pop ups randomly popping up even if pop up blocker is on. 2nd-my wallpaper is a white screen with a message from windows to dowload an anti-virus and spyware program...and a screen saver that switches from blue to a restart screen... I've read a bunch of the threads, I've ran spybot(i think mine wasn't working correctly though) ad aware (detected lots of stuff-but nothing got fixed still) and ez virus. Then I ran malware bytes (as posted in your forum) and it fixed it all! But to be sure, here is my malware bytes log of what it cleaned up and my hijack this log. Please let me know what steps I need to do next and if everything is cleaned up already. Thank you so much! I'm very grateful for this forum and everyone's help! malware bytes log: Malwarebytes' Anti-Malware 1.25 Database version: 1087 Windows 5.1.2600 Service Pack 2 2:02:29 PM 8/25/2008 mbam-log-08-25-2008 (14-02-29).txt Scan type: Full Scan (C:\|) Objects scanned: 267451 Time elapsed: 3 hour(s), 4 minute(s), 55 second(s) Memory Processes Infected: 1 Memory Modules Infected: 2 Registry Keys Infected: 4 Registry Values Infected: 7 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 27 Memory Processes Infected: C:\WINDOWS\system32\lphc59rj0ejbr.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\system32\blphc59rj0ejbr.scr (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\system32\__c008896.dat (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008896 (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f135a63d4.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc59rj0ejbr (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\blphc59rj0ejbr.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\D9.tmp (Backdoor.Rustock) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt19B.tmp (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\9e0558f9.sys (Rootkit.Agent) -> Delete on reboot. C:\Documents and Settings\Noah's\Local Settings\Temp\_A00F135A63D4.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\__c008896.dat (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lphc59rj0ejbr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phc59rj0ejbr.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Noah's\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:52:14 PM, on 8/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\WINDOWS\system32\MDM.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: (no name) - {DCDDC8AF-5237-28E6-1405-28F076C83DC2} - (no file) O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: V CAST Music Monitor.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Old Disk\Program Files\AIM95\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...otoUploader3.c ab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...otoUploader.ca b O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...Controls/en/x8 6/client/wuweb_site.cab?1158137246211 O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...ploadControl.c ab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5216 bytes |
| ||
| Re: Fake spyware screen, screen saver, and pop ups Other than the fact that the log should be single spaced and is quite hard to read it looks pretty good. Did you reboot after using the Malwarebytes program? |
| ||
| Re: Fake spyware screen, screen saver, and pop ups Quote:
I don't know why the log looks like that, I agree, it's very hard to read, sorry. Thanks to everyone who has posted solutions, they all helped me! I love daniweb and all the IT people here! |
| ||
| Re: Fake spyware screen, screen saver, and pop ups What is your onboard antivirus program and firewall? I don't see any in the log? |
| ||
| Re: Fake spyware screen, screen saver, and pop ups I don't know how to install a firewall =( I accidently uninstalled ez antivirus. So I am going to try and dowload a free anti-virus program. |
| ||
| Re: Fake spyware screen, screen saver, and pop ups Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap. Highlight the entire text and post the log back here. |
| ||
| Re: Fake spyware screen, screen saver, and pop ups Here is my new HiJack Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:07:28 PM, on 8/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\MDM.EXE C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: (no name) - {DCDDC8AF-5237-28E6-1405-28F076C83DC2} - (no file) O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: V CAST Music Monitor.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Old Disk\Program Files\AIM95\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158137246211 O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5759 bytes |
| ||
| Re: Fake spyware screen, screen saver, and pop ups Can you please do the following. =============== Go to Add/Remove programs and uninstall the following, if present: Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar The above could appear anywhere within the entry. Be careful not to remove any personal or system software. =============== Scan with HijackThis and then place a check next to all the following, if present: O2 - BHO: (no name) - {DCDDC8AF-5237-28E6-1405-28F076C83DC2} - (no file) O4 - Startup: V CAST Music Monitor.lnk = ? O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked". =============== Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders: folders... C:\Program Files\Viewpoint - Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Reboot. =============== Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm |
| All times are GMT -4. The time now is 9:13 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC