View Full Version : I think I have been infected by a Trojan_STARTPA.HI iexplore.exe



mojomike
2006-11-27, 01:05
Hi
Can someone please help me to disinfect my computer from the problems I have. Here are the logs you asked me to save ...

Logfile of HijackThis v1.99.1
Scan saved at 22:06:16, on 26/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Sygate firewall\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
E:\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
E:\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Mozilla Firefox\firefox.exe
C:\AntiSpyWare\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] E:\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [ares] "E:\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Sygate firewall\smc.exe

Incident Status Location

Virus:Trj/Agent.DCP Disinfected Operating system
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MHKFMB63\popup[1].php

I do hope this is correct....

Yours thankfully

Mojomike

Previous topic:
http://forums.spybot.info/showthread.php?t=7677

little eagle
2006-11-30, 15:40
Download and run - ATF Cleaner instructions here. (http://forums.security-central.us/showthread.php?t=1925)


Then run Panda (http://www.pandasoftware.com/products/ActiveScan.htm) and post the results here.

mojomike
2006-12-01, 00:19
Hi :)

Thank you so much for your advice on installing and running the ATF Cleaner and also running Panda active scan once again.
I had previously scanned my p.c. with Panda since I posted my log here.
The result was the same as this time ... nothing was found. I looked for a log and also tried to read the FAQ, but to no avail; I could not find how to get and save a log to copy for your report.
Would you please advise me of my next move, as I clearly still have a problem: when I look at the Application list on my firewall, I can still see iexplore exe :eek: tacked on to the end of "Internet Explorer" and "Windows Explorer".

Thank you :bigthumb:

Mojomike

little eagle
2006-12-01, 01:04
Download and install AVG Anti-Spyware. Then scan and post the report here.
Instructions and download link can be found here (http://forums.security-central.us/showthread.php?t=3165).

mojomike
2006-12-01, 01:36
Logfile of HijackThis v1.99.1
Scan saved at 00:33:52, on 01/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Sygate firewall\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\atievxx.exe
E:\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
E:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
E:\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Mozilla Firefox\firefox.exe
C:\AntiSpyWare\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] E:\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [ares] "E:\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Sygate firewall\smc.exe

Thanks :)

little eagle
2006-12-01, 03:12
Can I see the log from the scan?

mojomike
2006-12-01, 16:31
Hi

Please bear with me as I think I misunderstood you regarding which log to use. :oops: Because I had already installed the new AVG spyware, I thought it was that you wanted me to use. However, when I checked out your link, I think it was the ewido anti-spyware you wanted ... I tried to download it, but because my computer does not allow Active X, I had to use the mini download. :red:
Whilst I was using it, my AVG did its own updating, which seemed to bring ewido to a halt ... although it found one piece of malware, which I cleaned up, but it did not stipulate what it was. So I carried on with a fresh scan, which took, in total, over 4 hours with nothing found ... I have tried to find out how to get a report from it, yet to no avail ... sorry ...

According to my firewall application, "iexplore" :sick: is still piggybacking on Windows and Internet Explorer.

Thanks

Mojomike ;)

mojomike
2006-12-01, 16:39
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:01:02 01/12/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.


::Report end

little eagle
2006-12-01, 16:55
That is an Alexa registry entry: a registry key that creates a menu item that points to a local web page that points to an MSN search page that uses the Alexa engine. You can delete it if you like.
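
Added example, not part of the thread and not written by any poster: a small Python parser that diffs two HijackThis logs and ties the registry key from the AVG Anti-Spyware report to the HijackThis entry carrying the same CLSID. The log lines are short excerpts copied from the two scans above; the function names (`parse`, `diff`, `entries_for_key`) are made up for this illustration.

```python
import re

# A few lines copied from the two HijackThis v1.99.1 logs posted in this
# thread (2006-11-26 and 2006-12-01); excerpts, not the full logs.
SCAN_1 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ares] "E:\Ares\Ares.exe" -h
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""
SCAN_2 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
E:\Mozilla Firefox\firefox.exe

O4 - HKCU\..\Run: [ares] "E:\Ares\Ares.exe" -h
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""
# Registry key from the AVG Anti-Spyware report posted in this thread.
AVG_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse(log):
    """Return (running processes, {(section, text)}) from a HijackThis log."""
    procs, entries, in_procs = set(), set(), False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())      # Windows paths are case-insensitive
    return procs, entries


def diff(old_log, new_log):
    """What appeared or disappeared between two scans of the same machine."""
    (p1, e1), (p2, e2) = parse(old_log), parse(new_log)
    return {"procs_gone": p1 - p2, "procs_new": p2 - p1,
            "entries_gone": e1 - e2, "entries_new": e2 - e1}


def entries_for_key(log, registry_key):
    """HijackThis entries that reference the CLSID named in a registry key."""
    wanted = CLSID.search(registry_key).group(0).lower()
    return sorted((s, t) for s, t in parse(log)[1]
                  if wanted in (c.lower() for c in CLSID.findall(t)))


if __name__ == "__main__":
    for name, items in diff(SCAN_1, SCAN_2).items():
        print(name, sorted(items))
    print(entries_for_key(SCAN_2, AVG_KEY))
```

Fed the complete logs instead of the excerpts, the same functions work unchanged, since header lines before "Running processes:" are ignored.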

mojomike
2006-12-01, 19:39
Will do... Is there anything else I can do please ?

Thank you

Mojomike

little eagle
2006-12-01, 23:09
Click start > control panel > user accounts > change the way users log on or off > uncheck fast user switching > restart your computer.

Download, unzip and run 'RootkitRevealer' from Sysinternals:
http://www.sysinternals.com/Utilities/RootkitRevealer.html
Once the program has started, press Scan and let it run.
When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Save your Log File
Copy/Paste the contents of that logfile into your next reply

Do NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

That way you should have a much simpler and clearer log file in which to pursue and evaluate.

LonnyRJones
2006-12-11, 11:27
mojomike ?

tashi
2006-12-20, 08:20
This topic is closed due to lack of a response. :scratch:

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.