JBrew

Internet Explorer HiJacked redirected to safeiepage.com

Greetings from Colorado!

My IE browser seems to have been hijacked. I have and use SpyBotS&D, Adaware, and McAfee AV ver 10. Additionally, I manually delete my cookies and temp and temp internet files frequently.

I have performed all of the above repeatedly, rebooting, Disconnected from the internet, and again repeated all of the above until no new cookies or temp files appeared in my docs and settings / user/... folders.

However, it seems my ie browser is still infected from this malware or hijacking thing. Please review my logfile below and advise how I can purge this from my machine. THANK YOU in advance. JBrew


1st Part of Log File:

Logfile of HijackThis v1.99.1

Scan saved at 9:52:42 PM, on 10/21/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VideoCompressionCodec\isamonitor.exe

C:\Program Files\VideoCompressionCodec\pmsngr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\VideoCompressionCodec\pmmon.exe

C:\Program Files\VideoCompressionCodec\isamini.exe

C:\Program Files\Glance\Glance.exe

C:\Program Files\Omega Research\Program\orschd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\HiJack Program\HijackThis.exe


2nd part of Log File

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe


Hello: JBrew

You need to post a full HijackThis Log File. :D

My Mistake. Here is the rest of it that I had thought came through.

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - Startup: Check for TWS Updates.lnk = C:\IB Jts\WiseUpdt.exe

O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Check for Updates.lnk = C:\Program Files\Preferred ProTrader\WiseUpdt.EXE

O4 - Global Startup: Glance.lnk = ?

O4 - Global Startup: Omega Research Task Scheduler.lnk = C:\Program Files\Omega Research\Program\orschd.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html

O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://liverep.esignal.com/netagent/objects/custappx3.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.15.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe

O16 - DPF: {46378FDC-0501-446E-8CC9-9C4F6F5E906B} (DownloadInstall Class) - http://www.glance.net/install/GDownloadInstall.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - http://eblvd.com/control/ebie.cab

O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab

O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/main/dpcsysinfo.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned33.cab

O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://emtg4.centra.com/SiteRoots/dtitrader/Install/CentraDownloader.cab

O16 - DPF: {B8037A22-5FE1-4CC3-B862-E644A521EE54} - http://www2.pristine.com/ESP/Install/1.56.0139/esp-install.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://www.patsystems.com/Downloads/j2re-1_4_2_03-windows-i586-p.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dtitrader.webex.com/client/latest/training/ieatgpc.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_6.cab

O16 - DPF: {EFAB8D1F-794A-4C47-B834-53653E05A441} (VNCViewer Class) - https://www.omnovia.com/pages/sc2/image/SCV.CAB

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Hello: JBrew

You need to post a full HijackThis Log File. :D

Here is the last line:

C:\WINDOWS\system32\UAService7.exe

Is it possible to remove my current 6.0 version of Internet Explorer, and just download the new 7.0 version, as a possible solution to correct this hijacking I continue to experience? THANKS a Ton! JBrew


Yes you can download the new IE 7 from here:

IE 7 Download

It will automatically Install the new version and remove the old version, but in this case if you need to go back to the older version all you need to do is delete version IE 7 from Add Remove thru Control Panel and it will revert back to IE 6

If you decide to do this please post back a new HJT Log File.

Let me know before I review your log.


Yes you can download the new IE 7 from here:

IE 7 Download

It will automatically Install the new version and remove the old version, but in this case if you need to go back to the older version all you need to do is delete version IE 7 from Add Remove thru Control Panel and it will revert back to IE 6

If you decide to do this please post back a new HJT Log File.

Let me know before I review your log.

Thanks for the IE version upgrade info above RoadRage.

I may do that After I get this hijacked bug off of my machine or current browser. ( It is not clear to me if simply upgrading my IE to a higher version would help my situation at all. ?? )

So I would Greatly Appreciate your comments of my logfile above.

As stated above, I have repeatedly run and re-booted the following after I have updated each program. I have then disconnected from the internet, and run and rebooted my machine after each instance, ... Until there have been no new Cookies, Temp, or TIF's in my Docs and Settings directories. I have also manually deleted these folders of their contents and purged the Recycle bin too.

Unfortunately, each time I re-connect my machine to the internet, my IE 6.0 browser opens to this unrequested http://safeiepage.com/ site that pops up these “fake” system performance warnings and other undesirable graphic web sites.

Thank you for your help to resolve this hijack problem. I Greatly appreciate it, and look forward to your comments of my log file above and the possible culprit. JBrew.


Hi.

I am viewing your log file, so please be patient while waiting for a response.

Thank you


Hello: JBrew

There are a couple of things I need you to do first.

Download these tools and do not run these tools until told to do so.

Download:

ATF Cleaner

Download KillBox from here:

KillBox

Download SmitFraud by S!Ri from Here:

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

SmitFraud

Download ewido anti-spyware and save that file to your desktop.

After the installation, a free 30-day trial version containing all the extensions of the full version will be activated. At the end of the trial, these extensions will be deactivated and the program will turn into a feature-limited freeware version.

AVG Anti-Spyware formerly EWIDO

After the download is complete.

  • Double-click on the ewido install file to launch the installation process.
  • Follow the prompts and be sure that Launch AVG Anti-Spyware is checked.
  • Once the main program screen has opened, click on Update now.
  • You will see an update progress bar, followed by an Update Successful message when updating is complete.
  • After the database is installed, Click Scanner | Settings | Recommended actions | Quarantine.
  • Under the "Reports" section:
  • Select Automatically generate report after every scan
    De-select Only if threats were found.
  • Once updating is 100% complete close AVG Anti-Spyware.

Show hidden files by doing this:

1. Click Start.

2. Open My Computer.

3. Select the Tools menu and click Folder Options.

4. Select the View Tab.

5. Under the Hidden files and folders heading select Show hidden files and folders.

6. Uncheck the Hide protected operating system files (recommended) option.

7. Click Yes to confirm.

8. Click OK.

Now after the above is complete you will need to Boot into Safe Mode.

Reboot your computer into SafeMode by doing the following:

Restart your computer.

Immediately after restarting your computer, start tapping the F8 Key.

Instead of Windows loading as normal, Safe Mode Options should appear (this can take several tries).

Select the first option, to run Windows in Safe Mode.

Once in Safe Mode:

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.

Once the scan is complete do the following:

  • If you have any infections you will be prompted, then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the Save Report button in the lower left hand of the screen and Save the report to your Desktop.
  • Close ewido.

Double-click ATF-Cleaner.exe to run the program.

This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.

Under Main choose: Select All

Click the Empty Selected button.

While still in Safe Mode.

Open the SmitFraudFix.cmd:


Select option 1. - Search by typing 1 and press Enter


This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt

The tool will create a log named rapport.txt in the root of your drive, eg:

Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Boot back to Normal Mode and open HiJackThis.

Then close all open Windows and Browsers including this one and select Do a system scan and save a log file.

Now post back these.

  • A new HJT Log File.
  • The SmitFraud rapport.txt file.
  • The AVG Anti-Spyware text file.


Hello RoadRage,

First I want to say that I Very Much Appreciate your help and efforts with my browser-hijacking problem. Also appreciated that you communicated in your 2nd to last post that you were working on it.

I have performed all of the tasks that you outlined above, and will include each report below. Just a few things to note first:

1. The AVG scan results were initially tagged with "Ignore once" However, I somewhat deviated from your above instructions by selecting a "recommended action" choice. That deleted some files and quarantined others, as you will see in that report.

2. I never used or ran the Killbox program. ( But I did download it as instructed.)

3. Yesterday while awaiting your instructions my machine was choked-up and the CPU was pegged at 100%. To attempt to remedy the problem, I rebooted into safe mode. Since I noticed that an isamonitor.exe file and Video Compression Codec program kept requiring a manual end program whenever I was shutting down the PC.

So I Reviewed the Add/Delete Programs to try to delete this Video Compression Codec program, but it was not Listed in the Add/Remove Program list.

[ I was suspicious of this program as its last used date was on the date I first encountered browser problems of Oct 19-2006, and at each shut down the isamonitor.exe had to be “END Programmed” by the shutdown cycle.] Anyway, after I moved these files to the recycle bin while in safe mode, and restarted to regular boot, my ie browser was working again!

Nonetheless, I ran all of the additional scanning and cleaning programs that you recommended and posted my reports below. While my hijack problem seems to be fixed, I'd still like to hear any comments you may have about my log files below, or if there are any completion tasks I should perform.

Thank you again So So Much! John


Logfile of HijackThis v1.99.1

Scan saved at 7:26:28 AM, on 10/24/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Omega Research\Program\orschd.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - Startup: Check for TWS Updates.lnk = C:\IB Jts\WiseUpdt.exe

O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Omega Research Task Scheduler.lnk = C:\Program Files\Omega Research\Program\orschd.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html


O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://liverep.esignal.com/netagent/objects/custappx3.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.15.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe

O16 - DPF: {46378FDC-0501-446E-8CC9-9C4F6F5E906B} (DownloadInstall Class) - http://www.glance.net/install/GDownloadInstall.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - http://eblvd.com/control/ebie.cab

O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab

O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/main/dpcsysinfo.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned33.cab

O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://emtg4.centra.com/SiteRoots/dtitrader/Install/CentraDownloader.cab

O16 - DPF: {B8037A22-5FE1-4CC3-B862-E644A521EE54} - http://www2.pristine.com/ESP/Install/1.56.0139/esp-install.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://www.patsystems.com/Downloads/j2re-1_4_2_03-windows-i586-p.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dtitrader.webex.com/client/latest/training/ieatgpc.cab

O16 - DPF: {EFAB8D1F-794A-4C47-B834-53653E05A441} (VNCViewer Class) - https://www.omnovia.com/pages/sc2/image/SCV.CAB

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

END


SmitFraudFix v2.113

Scan done at 7:05:57.18, Tue 10/24/2006

Run from C:\Documents and Settings\John\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dpfwu.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John\Application Data

C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBurster 6.2.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\John\STARTM~1\VirusBurster 6.2.lnk FOUND !

C:\DOCUME~1\John\STARTM~1\Programs\VirusBurster FOUND !

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\John\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\John\Desktop\VirusBurster.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoCompressionCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


Sure thing JBrew

The AVG scan results were initially tagged with "Ignore once"

Do you mean this:

After the database is installed, Click Scanner | Settings | Recommended actions | Quarantine.

If you have any infections you will be prompted, then select "Apply all actions"

Just remember to be patient while I interpret the logs; these can be long.


Note- This was the 1st report run this morning.

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 6:27:50 AM 10/24/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).

HKU\S-1-5-21-426764551-2027339946-1710738407-1005\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\Lang -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\Lang\English.ini -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\Logs -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\Quarantine -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\VirusBurster.url -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\blacklist.txt -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\msvcp71.dll -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\msvcr71.dll -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\uninst.exe -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\Program Files\VirusBurster\vir.dat -> Adware.VirusBurster : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster -> Adware.VirusBurster : Cleaned with backup (quarantined).

HKLM\SOFTWARE\VirusBurster -> Adware.VirusBurster : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Adware.WebEx : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Ignored.

:mozilla.29:C:\Documents and Settings\John\Application Data\Mozilla\Profiles\Yosemite_Dreams\qby94n42.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.30:C:\Documents and Settings\John\Application Data\Mozilla\Profiles\Yosemite_Dreams\qby94n42.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.31:C:\Documents and Settings\John\Application Data\Mozilla\Profiles\Yosemite_Dreams\qby94n42.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.27:C:\Documents and Settings\John\Application Data\Mozilla\Profiles\Yosemite_Dreams\qby94n42.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.11:C:\Documents and Settings\John\Application Data\Mozilla\Profiles\Yosemite_Dreams\qby94n42.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.33:C:\Documents and Settings\John\Application Data\Mozilla\Profiles\Yosemite_Dreams\qby94n42.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

::(AVG) Report end


Hi: JBrew

You have HJT running from your Desktop.

C:\Documents and Settings\John\Desktop\HijackThis.exe

This needs to be in its own folder. It makes backups of your system files; that file will be needed if HJT deletes anything and makes your computer go bad. Also, the backup file could accidentally be deleted when cleaning up.

Make a New Folder in C:\ or C:\Programs\ and name it HJT or something you will remember, then download HJT again and unzip it to there, then delete this one C:\Documents and Settings\John\Desktop\HijackThis.exe<=====Delete the File in bold only.

Was that all of the AVG Report?

Boot to Safe Mode.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

After it is thru do this:

Double-click ATF-Cleaner.exe to run the program.

This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.

Under Main choose: Select All

Click the Empty Selected button.

Reboot back to Normal Mode.

Go to Add-Remove Programs and look for and delete these Programs if they are there:

VideoCompressionCodec

Paltalk

VirusBurster

Next open HJT and select: None of the above just start the program.

Then select Scan.

When it is thru Checkmark these for removal:

O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)

O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab

Some info on this one below:

components of the legal adware called PopCap Loader from PopCap Games company. It is a Web plug-in that provides Web update features.

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab

Do you know these or use them? If not, checkmark them for removal in HJT as well.

O16 - DPF: {46378FDC-0501-446E-8CC9-9C4F6F5E906B} (DownloadInstall Class) - http://www.glance.net/install/GDownloadInstall.cab

O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Package...TJNILoader.cab

O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - http://eblvd.com/control/ebie.cab

O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab

O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/main/dpcsysinfo.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/...rxsigned33.cab

O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/i...ncherSetup.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://emtg4.centra.com/SiteRoots/dt...Downloader.cab

O16 - DPF: {B8037A22-5FE1-4CC3-B862-E644A521EE54} - http://www2.pristine.com/ESP/Install...sp-install.cab

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://www.patsystems.com/Downloads/...ows-i586-p.exe

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dtitrader.webex.com/client/l...ng/ieatgpc.cab

O16 - DPF: {EFAB8D1F-794A-4C47-B834-53653E05A441} (VNCViewer Class) - https://www.omnovia.com/pages/sc2/image/SCV.CAB

These are unneeded at startup and use system resources and can be manually opened and run when you need them.

You can Checkmark these for removal if you want in HJT.

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

If you want these as your Startup page, keep them; otherwise checkmark them in HJT for removal.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

Now close all open windows, programs and browsers, including this one, and select Fix in HJT, then Exit.

Look for and delete these files if they are still there, by selecting Start \ Search \ Files and Folders or manually looking for them.

C:\Program Files\VideoCompressionCodec <====== the File in bold only.

C:\Program Files\Paltalk<====== the File in bold only.

C:\WINDOWS\system32\dpfwu.dll<====== the File in bold only.

Double-click ATF-Cleaner.exe to run the program.

This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.

Under Main choose: Select All

Click the Empty Selected button.

Then reboot the computer again.

Now close all open windows, programs and browsers, including this one, and open HJT and select: Do a system scan and save a log file

Post back with these Log Files:

  • A new HJT Log File.
  • The new SmitFraud rapport.txt file.

Include info about files you could not find or could not delete.

Let me know how your computer is running.


Hi RoadRage,

Sorry for my delay in replying. I have run the procedures and will post the HJT and the rapports in the next posts.

To answer your prior question; If that was all of the AVG report? Yes it was.

Before each reboot, I typically delete my Cookies, Temp, and TIF files manually, so that may have reduced the size of my AVG Report?

smitfraudfix.cmd :>>> The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. - It apparently did NOT find a clean one, So it did not replace the one I have.

Go to Add-Remove Programs and look for and delete these Programs if they are there:

VideoCompressionCodec

Paltalk

VirusBurster

NONE were listed in my ADD/Remove Programs

Below is a listing of files you suggested I Delete, and my notes of what I did.

NO Longer LISTED O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)

NO Longer LISTED O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)

Ok- Checked R3 - URLSearchHook:(no name)- {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Ok- Checked O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

Ok- Checked O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab

Some info on this one below:

components of the legal adware called PopCap Loader from PopCap Games company. It is a Web plug-in that provides Web update features.

Ok- Checked O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab

Do you know these or use them? If not, checkmark them for removal in HJT as well.

Ok- Checked O16 - DPF: {46378FDC-0501-446E-8CC9-9C4F6F5E906B} (DownloadInstall Class) - http://www.glance.net/install/GDownloadInstall.cab

Ok- Checked O16 - DPF: Sametime JNI Loader ST30SP1 - http://chat.pristine.com/RTR/Package...TJNILoader.cab

Ok- Checked O16 - DPF: {5EF798EA-C110-4E8F-ABB7-0F49B22AAC9D} (Launcher Class) - http://eblvd.com/control/ebie.cab

O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab

Ok- Checked O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/main/dpcsysinfo.cab

Ok- Checked O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/...rxsigned33.cab

Ok- Checked O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/i...ncherSetup.cab

Ok- Checked O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://emtg4.centra.com/SiteRoots/dt...Downloader.cab

Ok- Checked O16 - DPF: {B8037A22-5FE1-4CC3-B862-E644A521EE54} - http://www2.pristine.com/ESP/Install...sp-install.cab

Ok- Checked O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://www.patsystems.com/Downloads/...ows-i586-p.exe

Ok- Checked O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dtitrader.webex.com/client/l...ng/ieatgpc.cab

Ok- Checked O16 - DPF: {EFAB8D1F-794A-4C47-B834-53653E05A441} (VNCViewer Class) - https://www.omnovia.com/pages/sc2/image/SCV.CAB

These are unneeded at startup and use system resources and can be manually opened and run when you need them.

You can Checkmark these for removal if you want in HJT.

Ok- Checked O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

Ok- Checked O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Ok- Checked O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Ok- Checked O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

Ok- Checked O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

Ok- Checked O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

If you want these as your Startup page, keep them; otherwise checkmark them in HJT for removal.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

Now close all open windows, programs and browsers, including this one, and select Fix in HJT, then Exit.

Look for and delete these files if they are still there, by selecting Start \ Search \ Files and Folders or manually looking for them.

C:\Program Files\VideoCompressionCodec <====== the File in bold only.

C:\Program Files\Paltalk<====== the File in bold only.

NOT FOUND C:\WINDOWS\system32\dpfwu.dll<====== the File in bold only.

PC is working very good. It was working well after I deleted the Video Compression Codec Files when I deleted them Manually per my prior comments. Two requested reports to follow.

I THANK You once again for your help in walking me through this. John


Logfile of HijackThis v1.99.1

Scan saved at 11:29:14 PM, on 10/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Omega Research\Program\orschd.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\HiJack Program\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - Startup: Check for TWS Updates.lnk = C:\IB Jts\WiseUpdt.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Omega Research Task Scheduler.lnk = C:\Program Files\Omega Research\Program\orschd.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://liverep.esignal.com/netagent/objects/custappx3.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
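Added example (not part of the original thread, and not HijackThis's own code): a Python check that a follow-up log no longer contains the entries that were marked for removal, and that lists the entries HijackThis tags "(file missing)" or "(no file)". The log lines are excerpts copied from the posts in this thread; the function and variable names are this example's own.

```python
import re
from typing import List, NamedTuple

# Section code ("O16", "R3", ...) followed by " - " and the rest of the entry.
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)$")


class Entry(NamedTuple):
    section: str  # e.g. "O16"
    clsid: str    # upper-cased CLSID, or "" when the entry has none
    text: str     # everything after "Oxx - "

    @property
    def key(self):
        # Match on section + CLSID when there is one (URLs are often
        # truncated when a log is quoted), else on the lower-cased text.
        return (self.section, self.clsid or self.text.lower())


def parse_hjt(log: str) -> List[Entry]:
    """Return the R/F/N/O entries of a HijackThis log, skipping the header,
    the running-process list and blank lines."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        section, text = m.groups()
        c = CLSID_RE.search(text)
        entries.append(Entry(section, c.group(0).upper() if c else "", text))
    return entries


def still_present(flagged: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries marked for removal that still appear in the later log."""
    after_keys = {e.key for e in after}
    return [e for e in flagged if e.key in after_keys]


def dangling(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if DANGLING_RE.search(e.text)]


# Excerpt of the entries marked for removal earlier in the thread.
FLAGGED_LOG = r"""
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {46378FDC-0501-446E-8CC9-9C4F6F5E906B} (DownloadInstall Class) - http://www.glance.net/install/GDownloadInstall.cab
O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab
"""

# Excerpt of the 10/25/2006 log posted after the fix.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - Startup: Check for TWS Updates.lnk = C:\IB Jts\WiseUpdt.exe
O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

FLAGGED = parse_hjt(FLAGGED_LOG)
AFTER = parse_hjt(AFTER_LOG)

if __name__ == "__main__":
    for e in still_present(FLAGGED, AFTER):
        print("still present:", e.section, e.text)
    for e in dangling(AFTER):
        print("dangling:", e.section, e.text)
```
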


SmitFraudFix v2.113

Scan done at 19:05:41.03, Wed 10/25/2006

Run from C:\Documents and Settings\John\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBurster 6.2.lnk Deleted

C:\DOCUME~1\John\Desktop\VirusBurster.lnk Deleted

C:\DOCUME~1\John\STARTM~1\VirusBurster 6.2.lnk Deleted

C:\DOCUME~1\John\STARTM~1\Programs\VirusBurster Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

C:\Program Files\VideoCompressionCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


I will try to insert the screen capture I took of the files that I believe caused my browser hijacking as well as 2 suspicious links. I deleted these files and purged the recycle bin. Rebooted, and all seemed to operate normally once again.

I cannot insert or attach a word file with my screen shot of the suspected files. I'd be happy to email this to you if you would be interested to better help the next person.

FYI.... JBrew


Jbrew

Run AVG Anti-Spyware in Normal Mode.

Make sure to update these two below before you run them.

Run them one at a time and reboot after each one.

Run Ad-Aware in Normal Mode and let it delete anything it finds.

Download SpybotSearch&Destroy and use the Tutorial to set it up and delete anything in red it finds.

SpyBotSearch&Destroy

Tutorial

Post back with:

  • A new HJT Log File.
  • The AVG Anti-Spyware text file.

Sure send me your screen capture.

Go to my public profile and send it by E-Mail.


Hello RoadRage,

Hope you are enjoying a good weekend. I updated both my AVG and Spybot S&D, and then ran them (after disconnecting from the internet). My AVG and HJT reports to follow.

The SpyBot S&D did not find anything at all. Of note is that my McAfee VS kept popping up that it had found some PUP files that may be potentially harmful. [This was before I ran AVG and S&D.] Anyway, I ran the 2 scans you requested first. The alarming part on these McAfee warning pop-up screens is that the file path started out with C:/System Volume Information\. That was all that was visible. There were several of these files and they were DLLs, such as A0128805.dll. My Virus Scan Clean required Delete, and it strongly recommended that I perform a virus scan. So after I ran the 2 scans and the HJT above, I went ahead and performed the Virus Scan.

It only found 3 potentially unwanted programs. 2 were Smitfraud fix files, which I ignored. And I quarantined the 3rd one, which was a Process.exe file or program in the C:\WINDOWS\system32\Process.exe.

My PC seems to be working very well and predictably. The only lingering question or issue I have is a temp file that I cannot delete in my Docs&Settings/User/Local Settings/Temp folder. It is named: Perlib_Perfdata_a98.dat File. I suspect that it is part of one of these scanning programs that you have had me recently download. But that is just my hunch.

Please let me know if you see anything questionable in either my AVG or HJT reports below. [PS: I have emailed to your hotmail address a Word doc with the screen capture of what I believe to have been the culprit files/program of my browser hijack.]

Thank you once again for your time and efforts in helping me get my browser back, and my PC Bug Free! JBrew.


---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 2:49:12 PM 10/28/2006

+ Scan result:

C:\HiJack Program\backups\backup-20061025-230240-405.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned.

::Report end

HJT LOG File = >>>>>>

Logfile of HijackThis v1.99.1

Scan saved at 3:13:33 PM, on 10/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Omega Research\Program\orschd.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\HiJack Program\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - Startup: Check for TWS Updates.lnk = C:\IB Jts\WiseUpdt.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Omega Research Task Scheduler.lnk = C:\Program Files\Omega Research\Program\orschd.exe

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://liverep.esignal.com/netagent/objects/custappx3.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

O16 - DPF: {743F6578-F957-4DCB-A659-A3B02BF334D5} (IEUpgCtrlX Class) - http://www.viomeeting.com/vm/player/cabs/ieupgctrl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Hi: JBrew

Your HJT Log looks clean, but on this one I guess you use it.

This is with Morpheus P2P file sharing.

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB

Download these Cleaners and run them.

ATFCleaner

Double-click ATF-Cleaner.exe to run the program.

This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.

  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use the Firefox browser.

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser.

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Download:

CCleaner

Once installed, run CCleaner & select the Windows tab

Select ONLY the options illustrated below (Nothing in Applications tab should be checked):

cleaner.gif

(You may check Cookies, too, if you wish.)

Next: click Options > click Advanced

Uncheck: "Only delete files older than 48 hrs", click Ok

Return to Cleaner then click Run Cleaner (bottom right) then Exit

CCleaner should be run with the above settings for each User Account!

You will need to turn off System Restore and then make a new Restore Point.

Manual steps to turn off System Restore:

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4. Click Yes when you receive the prompt to turn off System Restore.

Reboot computer then do this:

Manual steps to turn on System Restore:

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Then make a new Restore Point:

To manually create a restore point:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

2. On the Welcome page, click Create a restore point.

3. On the Create a Restore Point page, enter a descriptive name for your restore point, as shown in the image below, and then click Create.

sysrest3.jpg

The Restore Point Created page confirms that the new restore point has been created.

Let me know if this file is still there after the above:

Perlib_Perfdata_a98.dat, it is part of a program file but I am not sure which one.

P.S.

About the document you sent me, yes those are some bad files, good job on the cleaning.

Let me know how things are with the computer, I have some additional programs I would suggest you use.

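The kind of log review done in the reply above can be partly mechanised. The following is an added example, not part of the original thread or of HijackThis itself: a Python script that groups HijackThis entries by section code and lists the ones worth checking by hand. The function names `parse` and `review` and the three flagging rules are assumptions chosen for illustration; the sample lines are an excerpt of the log posted in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then the entry text
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Group log entries by HijackThis section code (O2, O16, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review(log):
    """Return (section, reason, detail) tuples for entries to check by hand."""
    findings = []
    for code, entries in parse(log).items():
        for text in entries:
            guid = GUID.search(text)
            tag = guid.group(0) if guid else text.split(" - ")[0]
            if text.endswith(("(file missing)", "(no file)")):
                findings.append((code, "orphaned entry", tag))
            if code == "O23" and " - Unknown owner - " in text:
                findings.append((code, "unknown service owner", tag))
            if code == "O16":  # ActiveX control: record where it was downloaded from
                host = urlparse(text.rsplit(" - ", 1)[-1]).hostname
                findings.append((code, "ActiveX download source", host))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A flagged entry is only a prompt for manual review; orphaned entries and unknown-owner services are common leftovers from uninstalled or legitimate software.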


