Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijacked start page, etc.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby agrarianmonk » August 1st, 2006, 11:47 am

Looks like the logs got cut off. Can you post the rest of them in separate posts?
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
Advertisement
Register to Remove

Unread postby Sanderr » August 1st, 2006, 11:50 am

The third part, this IS shocking... I left out the rest of the Hotbar list because this would cost me more than 5 replies I think:

C:\Documents and Settings\Martijn\Application Data\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Application Data\C2Media\Setup.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
F:\back-up\MsgPlus-301.exe/Sponsor.exe -> Downloader.Swizzor.bt : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\Cache\3BE8AA82d01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.66.220.17.154 : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\whui3h7b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Ria\Application Data\Mozilla\Firefox\Profiles\zgc36mmq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\whui3h7b.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Sander\Cookies\sander@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Richard\Cookies\richard@srch.lop[2].txt -> TrackingCookie.Lop : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@www.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\whui3h7b.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\whui3h7b.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Ria\Application Data\Mozilla\Firefox\Profiles\zgc36mmq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.332:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.333:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Ria\Application Data\Mozilla\Firefox\Profiles\zgc36mmq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Ria\Application Data\Mozilla\Firefox\Profiles\zgc36mmq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Ria\Application Data\Mozilla\Firefox\Profiles\zgc36mmq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Ria\Application Data\Mozilla\Firefox\Profiles\zgc36mmq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Martijn\Cookies\martijn@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Ria\Cookies\ria@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Sander\Cookies\sander@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Martijn\Application Data\Mozilla\Firefox\Profiles\do5c72g7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end


HJT log
Logfile of HijackThis v1.99.1
Scan saved at 17:40:34, on 1-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Richfind - {C6249F9F-BE69-404F-B8F7-83E901E3811E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74 ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Greets, John.
Sanderr
Active Member
 
Posts: 14
Joined: July 31st, 2006, 9:29 am

Unread postby agrarianmonk » August 1st, 2006, 11:53 am

How is the PC behaving?
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby John B. » August 1st, 2006, 12:33 pm

The pc's behaving fine. I don't see any symptoms of Hotbar or Lop and I think it were some remainings of an earlier try to clean it.

Some months ago some other friend of Sander cleaned it a bit just by running some AV's and I think the only things now were Lop and those remainings (that weren't deleted by the AV's).

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby agrarianmonk » August 1st, 2006, 1:15 pm

ok, just a couple steps left:

first, reboot

then,

fix this line in hijackthis (if still present):

O4 - Global Startup: NoLop.exe


then reboot.

*******************************

This is my post for when your computer is all clean - which it currently appears to be. Please let me know if you are experiencing any other problems with your computer.

If you are not having any more problems, we have just a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
    * CHECK the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

It's also a good idea to Flush your System Restore points after ridding yourself of malware:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!


(Please respond to this thread one more time so we can mark this thread as resolved.)
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Sanderr » August 2nd, 2006, 9:34 am

Hello,

Thank you very much for helping me out with this computer.

I did the last instructions you give me except for the one of clean restorepoints, because Ewido found nothing connected to it...

Greets, John B. and Sander!

ps. Congrats with your promotion :P As Freshman on my way to this house I bought a helmet :P
Sanderr
Active Member
 
Posts: 14
Joined: July 31st, 2006, 9:29 am

Unread postby Sanderr » August 2nd, 2006, 9:49 am

Heey,

I'm now at an other account of this computer and this one is still infected with Lop as I see from that toolbar and popups. What should I do now?

Greets, John.
Sanderr
Active Member
 
Posts: 14
Joined: July 31st, 2006, 9:29 am

Unread postby Sanderr » August 2nd, 2006, 9:55 am

Heey,

This account is one big mess, the war isn't over :shock:

I ran HJT but I got all kind of errors and it didn't want to save a logfile...

Greets, John.
Sanderr
Active Member
 
Posts: 14
Joined: July 31st, 2006, 9:29 am

Unread postby agrarianmonk » August 2nd, 2006, 10:40 am

rename Hijackthis to HJT and then try to save one.

Let me know if it works.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby John B. » August 2nd, 2006, 11:31 am

I just got home and I agree with your reply, but can't the problem of a not running HJT be that this infected user hasn't got administrator rights?
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby agrarianmonk » August 2nd, 2006, 12:41 pm

I don't believe so...you should still be able to run Hijackthis even if you don't have administrator rights.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Sanderr » August 11th, 2006, 2:16 pm

Heey,

Sorry for the amazing delay, but I didn't really have the time to visit my friend.

One account is clean and hasn't got problems.

The next account is still infected. I didn't have access to change the name of HijackThis, to access the hosts file (so get possible lines into the HJT log), to save the log at the normal place.

Though I've got a log, saved at my desktop...

Logfile of HijackThis v1.99.1
Scan saved at 20:11:01, on 11-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Martijn\Local Settings\Application Data\Skype\Phone\Skype.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.srtbzuhhhwugscskl.com/io2FDD ... dqtRB.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spelletjes.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FilmOnlineBarbSoap] C:\Documents and Settings\All Users\Application Data\lies stupid film online\ARMY GLOBAL.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [AXIS SIXTH] C:\DOCUME~1\Martijn\APPLIC~1\DVDBLU~1\ante stop.exe
O4 - HKCU\..\Run: [CREATIVE LOGO STYLE REGS] C:\Documents and Settings\All Users\Application Data\aceidlecreativelogo\BOLTKIND.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Martijn\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Richfind - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Richfind - {C6249F9F-BE69-404F-B8F7-83E901E3811E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74 ... loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

My friend goes on vacation from next Monday to the following Monday, please don't archive this topic though!

Greets, John.
Sanderr
Active Member
 
Posts: 14
Joined: July 31st, 2006, 9:29 am

Unread postby agrarianmonk » August 11th, 2006, 2:19 pm

do you still have the NoLop program?

Run it without inputing a CLSID, and post the log and a new HJT log.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Sanderr » August 15th, 2006, 1:29 pm

Hello,

Here I'm again. Hope your exams or something like that are going fine ;)

I downloaded NoLop to the desktop of the infected account. When I click 'Search and Destroy' the computer nags about permission.
As I said before, I wasn't allowed to run HJT (I did it in some way eventually) and no I'm not allowed to fix Lop.

Should I ask the person who made this account having no access to do anything?

Greets, John.

ps. Vsmon.exe was nagging 2 sec ago. Some files have been damaged (in the folder 'Internet Logs') and he wants me to fix it using CHKDSK (or something similar). I tried Start > Run > CHKDSK (or something similar), a dos window came up, checked some things but then closed. The warning was showed after that.
Sanderr
Active Member
 
Posts: 14
Joined: July 31st, 2006, 9:29 am

Unread postby agrarianmonk » August 16th, 2006, 1:14 am

hmm...we can fix lop manually:

Create a Startup List[/u]

  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and past the StartupList from the notepad into your next post
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 284 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware