Jump to content


Photo

spycatcher


  • Please log in to reply
4 replies to this topic

#1 cheese12

cheese12

    New Member

  • Member
  • 3 posts

Posted 16 April 2005 - 09:27 AM

Hello again, I have already sent a log but forget to tell you a few of the symptoms of my pc and give you my email address.

Red spyware screen with the black box as screen saver and right click disabled
Printer no longer responding

email address - (removed email address:lpp)

thankyou for your help

Paul

log -


Logfile of HijackThis v1.99.1
Scan saved at 09:47:09, on 16/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [Vhu] C:\WINDOWS\SYSTEM\Kvc.exe
O4 - HKLM\..\Run: [Uai] C:\WINDOWS\SYSTEM\Rds.exe
O4 - HKLM\..\Run: [Qil] C:\WINDOWS\SYSTEM\Fjt.exe
O4 - HKLM\..\Run: [Okn] C:\WINDOWS\Dgg.exe
O4 - HKLM\..\Run: [Ckq] C:\WINDOWS\Ith.exe
O4 - HKLM\..\Run: [Crj] C:\WINDOWS\SYSTEM\Jqu.exe
O4 - HKLM\..\Run: [Ecs] C:\WINDOWS\Aid.exe
O4 - HKLM\..\Run: [Tve] C:\WINDOWS\Ncl.exe
O4 - HKLM\..\Run: [Cva] C:\WINDOWS\SYSTEM\Ctd.exe
O4 - HKLM\..\Run: [Rvd] C:\WINDOWS\Mcn.exe
O4 - HKLM\..\Run: [Efn] C:\WINDOWS\Pqu.exe
O4 - HKLM\..\Run: [Fqr] C:\WINDOWS\SYSTEM\Iri.exe
O4 - HKLM\..\Run: [Bmi] C:\WINDOWS\Nhv.exe
O4 - HKLM\..\Run: [Hpi] C:\WINDOWS\Hpe.exe
O4 - HKLM\..\Run: [Cih] C:\WINDOWS\Eji.exe
O4 - HKLM\..\Run: [Drq] C:\WINDOWS\Qgb.exe
O4 - HKLM\..\Run: [Hqm] C:\WINDOWS\SYSTEM\Tft.exe
O4 - HKLM\..\Run: [Ebf] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Vhu] C:\WINDOWS\SYSTEM\Kvc.exe
O4 - HKCU\..\Run: [Uai] C:\WINDOWS\SYSTEM\Rds.exe
O4 - HKCU\..\Run: [Qil] C:\WINDOWS\SYSTEM\Fjt.exe
O4 - HKCU\..\Run: [Okn] C:\WINDOWS\Dgg.exe
O4 - HKCU\..\Run: [Ckq] C:\WINDOWS\Ith.exe
O4 - HKCU\..\Run: [Crj] C:\WINDOWS\SYSTEM\Jqu.exe
O4 - HKCU\..\Run: [Ecs] C:\WINDOWS\Aid.exe
O4 - HKCU\..\Run: [Tve] C:\WINDOWS\Ncl.exe
O4 - HKCU\..\Run: [Cva] C:\WINDOWS\SYSTEM\Ctd.exe
O4 - HKCU\..\Run: [Rvd] C:\WINDOWS\Mcn.exe
O4 - HKCU\..\Run: [Efn] C:\WINDOWS\Pqu.exe
O4 - HKCU\..\Run: [Fqr] C:\WINDOWS\SYSTEM\Iri.exe
O4 - HKCU\..\Run: [Bmi] C:\WINDOWS\Nhv.exe
O4 - HKCU\..\Run: [Hpi] C:\WINDOWS\Hpe.exe
O4 - HKCU\..\Run: [Cih] C:\WINDOWS\Eji.exe
O4 - HKCU\..\Run: [Drq] C:\WINDOWS\Qgb.exe
O4 - HKCU\..\Run: [Hqm] C:\WINDOWS\SYSTEM\Tft.exe
O4 - HKCU\..\Run: [Ebf] C:\WINDOWS\SYSTEM\Rih.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL
O9 - Extra button: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL (file missing)

#2 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,831 posts

Posted 16 April 2005 - 10:00 PM

Cheese12,

Sorry, we do not provide support by email. I have removed your email address from the post to prevent spam.


Was your HiJackTHis log produced in Safe Mode? If so, please re-run in Normal Mode and post a new log in this thread.

#3 cheese12

cheese12

    New Member

  • Member
  • 3 posts

Posted 20 April 2005 - 06:50 PM

Could anyone please tell me which bit of this are no good and should be deleted thankyou very much.
Paul.

Logfile of HijackThis v1.99.1
Scan saved at 19:51:17, on 20/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\KVC.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\FXIEGWFR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [Vhu] C:\WINDOWS\SYSTEM\Kvc.exe
O4 - HKLM\..\Run: [Uai] C:\WINDOWS\SYSTEM\Rds.exe
O4 - HKLM\..\Run: [Qil] C:\WINDOWS\SYSTEM\Fjt.exe
O4 - HKLM\..\Run: [Okn] C:\WINDOWS\Dgg.exe
O4 - HKLM\..\Run: [Ckq] C:\WINDOWS\Ith.exe
O4 - HKLM\..\Run: [Crj] C:\WINDOWS\SYSTEM\Jqu.exe
O4 - HKLM\..\Run: [Ecs] C:\WINDOWS\Aid.exe
O4 - HKLM\..\Run: [Tve] C:\WINDOWS\Ncl.exe
O4 - HKLM\..\Run: [Cva] C:\WINDOWS\SYSTEM\Ctd.exe
O4 - HKLM\..\Run: [Rvd] C:\WINDOWS\Mcn.exe
O4 - HKLM\..\Run: [Efn] C:\WINDOWS\Pqu.exe
O4 - HKLM\..\Run: [Fqr] C:\WINDOWS\SYSTEM\Iri.exe
O4 - HKLM\..\Run: [Bmi] C:\WINDOWS\Nhv.exe
O4 - HKLM\..\Run: [Hpi] C:\WINDOWS\Hpe.exe
O4 - HKLM\..\Run: [Cih] C:\WINDOWS\Eji.exe
O4 - HKLM\..\Run: [Drq] C:\WINDOWS\Qgb.exe
O4 - HKLM\..\Run: [Hqm] C:\WINDOWS\SYSTEM\Tft.exe
O4 - HKLM\..\Run: [Ebf] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKLM\..\Run: [Vtf] C:\WINDOWS\Huf.exe
O4 - HKLM\..\Run: [Fdu] C:\WINDOWS\Ghr.exe
O4 - HKLM\..\Run: [Ude] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKLM\..\Run: [Kmf] C:\WINDOWS\SYSTEM\Cvq.exe
O4 - HKLM\..\Run: [Ctn] C:\WINDOWS\SYSTEM\Cem.exe
O4 - HKLM\..\Run: [Okh] C:\WINDOWS\SYSTEM\Tqm.exe
O4 - HKLM\..\Run: [Dns] C:\WINDOWS\Flv.exe
O4 - HKLM\..\Run: [Heb] C:\WINDOWS\SYSTEM\Fjm.exe
O4 - HKLM\..\Run: [Kli] C:\WINDOWS\Bda.exe
O4 - HKLM\..\Run: [Lcf] C:\WINDOWS\Jtd.exe
O4 - HKLM\..\Run: [Cor] C:\WINDOWS\SYSTEM\Uob.exe
O4 - HKLM\..\Run: [Hks] C:\WINDOWS\SYSTEM\Vvo.exe
O4 - HKLM\..\Run: [Ile] C:\WINDOWS\Enh.exe
O4 - HKLM\..\Run: [Hdi] C:\WINDOWS\SYSTEM\Lhd.exe
O4 - HKLM\..\Run: [Uje] C:\WINDOWS\Rjr.exe
O4 - HKLM\..\Run: [Vuf] C:\WINDOWS\SYSTEM\Plb.exe
O4 - HKLM\..\Run: [Cab] C:\WINDOWS\SYSTEM\Hsq.exe
O4 - HKLM\..\Run: [Vsb] C:\WINDOWS\Rcj.exe
O4 - HKLM\..\Run: [Vdq] C:\WINDOWS\Rmv.exe
O4 - HKLM\..\Run: [Mie] C:\WINDOWS\Ivc.exe
O4 - HKLM\..\Run: [Ijo] C:\WINDOWS\SYSTEM\Tqd.exe
O4 - HKLM\..\Run: [Scj] C:\WINDOWS\Mbt.exe
O4 - HKLM\..\Run: [Mga] C:\WINDOWS\Atn.exe
O4 - HKLM\..\Run: [Ftq] C:\WINDOWS\Rsi.exe
O4 - HKLM\..\Run: [Huh] C:\WINDOWS\SYSTEM\Qol.exe
O4 - HKLM\..\Run: [Lbj] C:\WINDOWS\Rhs.exe
O4 - HKLM\..\Run: [Bqd] C:\WINDOWS\Otj.exe
O4 - HKLM\..\Run: [Iah] C:\WINDOWS\Bqc.exe
O4 - HKLM\..\Run: [Ljb] C:\WINDOWS\Ded.exe
O4 - HKLM\..\Run: [Hnt] C:\WINDOWS\Rht.exe
O4 - HKLM\..\Run: [Dpg] C:\WINDOWS\Rat.exe
O4 - HKLM\..\Run: [Gli] C:\WINDOWS\SYSTEM\Has.exe
O4 - HKLM\..\Run: [Uuk] C:\WINDOWS\Aef.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\SYSTEM\Dpv.exe
O4 - HKLM\..\Run: [Hjg] C:\WINDOWS\SYSTEM\Qtc.exe
O4 - HKLM\..\Run: [Adj] C:\WINDOWS\Fle.exe
O4 - HKLM\..\Run: [Pik] C:\WINDOWS\Ggh.exe
O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKLM\..\Run: [Nap] C:\WINDOWS\Fdq.exe
O4 - HKLM\..\Run: [Sqa] C:\WINDOWS\Iba.exe
O4 - HKLM\..\Run: [Ulq] C:\WINDOWS\Stb.exe
O4 - HKLM\..\Run: [Ckp] C:\WINDOWS\Uhu.exe
O4 - HKLM\..\Run: [Iij] C:\WINDOWS\SYSTEM\Gqn.exe
O4 - HKLM\..\Run: [Rkf] C:\WINDOWS\SYSTEM\Tkq.exe
O4 - HKLM\..\Run: [Dbt] C:\WINDOWS\Mdk.exe
O4 - HKLM\..\Run: [Ebr] C:\WINDOWS\SYSTEM\Qib.exe
O4 - HKLM\..\Run: [Qop] C:\WINDOWS\Mai.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Vhu] C:\WINDOWS\SYSTEM\Kvc.exe
O4 - HKCU\..\Run: [Uai] C:\WINDOWS\SYSTEM\Rds.exe
O4 - HKCU\..\Run: [Qil] C:\WINDOWS\SYSTEM\Fjt.exe
O4 - HKCU\..\Run: [Okn] C:\WINDOWS\Dgg.exe
O4 - HKCU\..\Run: [Ckq] C:\WINDOWS\Ith.exe
O4 - HKCU\..\Run: [Crj] C:\WINDOWS\SYSTEM\Jqu.exe
O4 - HKCU\..\Run: [Ecs] C:\WINDOWS\Aid.exe
O4 - HKCU\..\Run: [Tve] C:\WINDOWS\Ncl.exe
O4 - HKCU\..\Run: [Cva] C:\WINDOWS\SYSTEM\Ctd.exe
O4 - HKCU\..\Run: [Rvd] C:\WINDOWS\Mcn.exe
O4 - HKCU\..\Run: [Efn] C:\WINDOWS\Pqu.exe
O4 - HKCU\..\Run: [Fqr] C:\WINDOWS\SYSTEM\Iri.exe
O4 - HKCU\..\Run: [Bmi] C:\WINDOWS\Nhv.exe
O4 - HKCU\..\Run: [Hpi] C:\WINDOWS\Hpe.exe
O4 - HKCU\..\Run: [Cih] C:\WINDOWS\Eji.exe
O4 - HKCU\..\Run: [Drq] C:\WINDOWS\Qgb.exe
O4 - HKCU\..\Run: [Hqm] C:\WINDOWS\SYSTEM\Tft.exe
O4 - HKCU\..\Run: [Ebf] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKCU\..\Run: [Vtf] C:\WINDOWS\Huf.exe
O4 - HKCU\..\Run: [Fdu] C:\WINDOWS\Ghr.exe
O4 - HKCU\..\Run: [Ude] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKCU\..\Run: [Kmf] C:\WINDOWS\SYSTEM\Cvq.exe
O4 - HKCU\..\Run: [Ctn] C:\WINDOWS\SYSTEM\Cem.exe
O4 - HKCU\..\Run: [Okh] C:\WINDOWS\SYSTEM\Tqm.exe
O4 - HKCU\..\Run: [Dns] C:\WINDOWS\Flv.exe
O4 - HKCU\..\Run: [Heb] C:\WINDOWS\SYSTEM\Fjm.exe
O4 - HKCU\..\Run: [Kli] C:\WINDOWS\Bda.exe
O4 - HKCU\..\Run: [Lcf] C:\WINDOWS\Jtd.exe
O4 - HKCU\..\Run: [Cor] C:\WINDOWS\SYSTEM\Uob.exe
O4 - HKCU\..\Run: [Hks] C:\WINDOWS\SYSTEM\Vvo.exe
O4 - HKCU\..\Run: [Ile] C:\WINDOWS\Enh.exe
O4 - HKCU\..\Run: [Hdi] C:\WINDOWS\SYSTEM\Lhd.exe
O4 - HKCU\..\Run: [Uje] C:\WINDOWS\Rjr.exe
O4 - HKCU\..\Run: [Vuf] C:\WINDOWS\SYSTEM\Plb.exe
O4 - HKCU\..\Run: [Cab] C:\WINDOWS\SYSTEM\Hsq.exe
O4 - HKCU\..\Run: [Vsb] C:\WINDOWS\Rcj.exe
O4 - HKCU\..\Run: [Vdq] C:\WINDOWS\Rmv.exe
O4 - HKCU\..\Run: [Mie] C:\WINDOWS\Ivc.exe
O4 - HKCU\..\Run: [Ijo] C:\WINDOWS\SYSTEM\Tqd.exe
O4 - HKCU\..\Run: [Scj] C:\WINDOWS\Mbt.exe
O4 - HKCU\..\Run: [Mga] C:\WINDOWS\Atn.exe
O4 - HKCU\..\Run: [Ftq] C:\WINDOWS\Rsi.exe
O4 - HKCU\..\Run: [Huh] C:\WINDOWS\SYSTEM\Qol.exe
O4 - HKCU\..\Run: [Lbj] C:\WINDOWS\Rhs.exe
O4 - HKCU\..\Run: [Bqd] C:\WINDOWS\Otj.exe
O4 - HKCU\..\Run: [Iah] C:\WINDOWS\Bqc.exe
O4 - HKCU\..\Run: [Ljb] C:\WINDOWS\Ded.exe
O4 - HKCU\..\Run: [Hnt] C:\WINDOWS\Rht.exe
O4 - HKCU\..\Run: [Dpg] C:\WINDOWS\Rat.exe
O4 - HKCU\..\Run: [Gli] C:\WINDOWS\SYSTEM\Has.exe
O4 - HKCU\..\Run: [Uuk] C:\WINDOWS\Aef.exe
O4 - HKCU\..\Run: [Jrt] C:\WINDOWS\SYSTEM\Dpv.exe
O4 - HKCU\..\Run: [Hjg] C:\WINDOWS\SYSTEM\Qtc.exe
O4 - HKCU\..\Run: [Adj] C:\WINDOWS\Fle.exe
O4 - HKCU\..\Run: [Pik] C:\WINDOWS\Ggh.exe
O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKCU\..\Run: [Nap] C:\WINDOWS\Fdq.exe
O4 - HKCU\..\Run: [Sqa] C:\WINDOWS\Iba.exe
O4 - HKCU\..\Run: [Ulq] C:\WINDOWS\Stb.exe
O4 - HKCU\..\Run: [Ckp] C:\WINDOWS\Uhu.exe
O4 - HKCU\..\Run: [Iij] C:\WINDOWS\SYSTEM\Gqn.exe
O4 - HKCU\..\Run: [Rkf] C:\WINDOWS\SYSTEM\Tkq.exe
O4 - HKCU\..\Run: [Dbt] C:\WINDOWS\Mdk.exe
O4 - HKCU\..\Run: [Ebr] C:\WINDOWS\SYSTEM\Qib.exe
O4 - HKCU\..\Run: [Qop] C:\WINDOWS\Mai.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL
O9 - Extra button: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {6B0F5E8B-9CAB-47B3-B9AD-404E65998FBB} - C:\WINDOWS\SYSTEM\IEGFXFRW.DLL (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL (file missing)

cheers for looking

#4 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,831 posts

Posted 20 April 2005 - 07:27 PM

This fix is only Windows 98 or ME

Download and Save spywad9xremove to your computer from this link: http://www.thespykil...wad9xremove.exe

Double click on the spywad9xremove.exe file and it will automatically extract to c:\spywad9x where it needs to be to run and will automatically open the 98 remove spywad.vbs script for you ready to paste in the line mentioned below

If it doesn't open then go to c:\spywad9x and double click on the 98 remove spywad.vbs Do not run any other file from there please unless asked to

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

It will open an Input box. Paste this line into the box:
C:\WINDOWS\SYSTEM\KVC.EXE

The script will kill that process, backup and then delete any matching files in windows System and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad9x Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.


** Script Does not remove the orphaned run entries.

Finally, it will Run hijackthis so that you can remove the orphaned run entries and anything else as instructed by your Advisor on the forums.

If hijackthis doesn't start, run it manually.

--------------------------
When finished, post the contents of Spywad.txt and a new Hijackthis log.

If the files deleted are all found to be part of the infection and nothing important has been deleted, you will be instructed to delete the entire Spywad Folder after you have cleaned up all other User Profiles on that system.


Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named 98 registry only.vbs

Have each User sign in and run 98 registry only.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the C:\Spywad9x folder. Double click on 98 registry only.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

Then run hijackthis and remove the entries as directed by your Forum Advisor.

To restore the desktop to whatever picture you normally have right click on a blank part of desktop & select properties/desktop & select your prefered picture press apply & then ok to exit and then either reboot or log off & on again to change the desktop settings

You will need to do this step for every user account


Here are the HiJackTHis instructions:
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Check the following items in HijackThis.
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)

O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [Vhu] C:\WINDOWS\SYSTEM\Kvc.exe
O4 - HKLM\..\Run: [Uai] C:\WINDOWS\SYSTEM\Rds.exe
O4 - HKLM\..\Run: [Qil] C:\WINDOWS\SYSTEM\Fjt.exe
O4 - HKLM\..\Run: [Okn] C:\WINDOWS\Dgg.exe
O4 - HKLM\..\Run: [Ckq] C:\WINDOWS\Ith.exe
O4 - HKLM\..\Run: [Crj] C:\WINDOWS\SYSTEM\Jqu.exe
O4 - HKLM\..\Run: [Ecs] C:\WINDOWS\Aid.exe
O4 - HKLM\..\Run: [Tve] C:\WINDOWS\Ncl.exe
O4 - HKLM\..\Run: [Cva] C:\WINDOWS\SYSTEM\Ctd.exe
O4 - HKLM\..\Run: [Rvd] C:\WINDOWS\Mcn.exe
O4 - HKLM\..\Run: [Efn] C:\WINDOWS\Pqu.exe
O4 - HKLM\..\Run: [Fqr] C:\WINDOWS\SYSTEM\Iri.exe
O4 - HKLM\..\Run: [Bmi] C:\WINDOWS\Nhv.exe
O4 - HKLM\..\Run: [Hpi] C:\WINDOWS\Hpe.exe
O4 - HKLM\..\Run: [Cih] C:\WINDOWS\Eji.exe
O4 - HKLM\..\Run: [Drq] C:\WINDOWS\Qgb.exe
O4 - HKLM\..\Run: [Hqm] C:\WINDOWS\SYSTEM\Tft.exe
O4 - HKLM\..\Run: [Ebf] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKLM\..\Run: [Vtf] C:\WINDOWS\Huf.exe
O4 - HKLM\..\Run: [Fdu] C:\WINDOWS\Ghr.exe
O4 - HKLM\..\Run: [Ude] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKLM\..\Run: [Kmf] C:\WINDOWS\SYSTEM\Cvq.exe
O4 - HKLM\..\Run: [Ctn] C:\WINDOWS\SYSTEM\Cem.exe
O4 - HKLM\..\Run: [Okh] C:\WINDOWS\SYSTEM\Tqm.exe
O4 - HKLM\..\Run: [Dns] C:\WINDOWS\Flv.exe
O4 - HKLM\..\Run: [Heb] C:\WINDOWS\SYSTEM\Fjm.exe
O4 - HKLM\..\Run: [Kli] C:\WINDOWS\Bda.exe
O4 - HKLM\..\Run: [Lcf] C:\WINDOWS\Jtd.exe
O4 - HKLM\..\Run: [Cor] C:\WINDOWS\SYSTEM\Uob.exe
O4 - HKLM\..\Run: [Hks] C:\WINDOWS\SYSTEM\Vvo.exe
O4 - HKLM\..\Run: [Ile] C:\WINDOWS\Enh.exe
O4 - HKLM\..\Run: [Hdi] C:\WINDOWS\SYSTEM\Lhd.exe
O4 - HKLM\..\Run: [Uje] C:\WINDOWS\Rjr.exe
O4 - HKLM\..\Run: [Vuf] C:\WINDOWS\SYSTEM\Plb.exe
O4 - HKLM\..\Run: [Cab] C:\WINDOWS\SYSTEM\Hsq.exe
O4 - HKLM\..\Run: [Vsb] C:\WINDOWS\Rcj.exe
O4 - HKLM\..\Run: [Vdq] C:\WINDOWS\Rmv.exe
O4 - HKLM\..\Run: [Mie] C:\WINDOWS\Ivc.exe
O4 - HKLM\..\Run: [Ijo] C:\WINDOWS\SYSTEM\Tqd.exe
O4 - HKLM\..\Run: [Scj] C:\WINDOWS\Mbt.exe
O4 - HKLM\..\Run: [Mga] C:\WINDOWS\Atn.exe
O4 - HKLM\..\Run: [Ftq] C:\WINDOWS\Rsi.exe
O4 - HKLM\..\Run: [Huh] C:\WINDOWS\SYSTEM\Qol.exe
O4 - HKLM\..\Run: [Lbj] C:\WINDOWS\Rhs.exe
O4 - HKLM\..\Run: [Bqd] C:\WINDOWS\Otj.exe
O4 - HKLM\..\Run: [Iah] C:\WINDOWS\Bqc.exe
O4 - HKLM\..\Run: [Ljb] C:\WINDOWS\Ded.exe
O4 - HKLM\..\Run: [Hnt] C:\WINDOWS\Rht.exe
O4 - HKLM\..\Run: [Dpg] C:\WINDOWS\Rat.exe
O4 - HKLM\..\Run: [Gli] C:\WINDOWS\SYSTEM\Has.exe
O4 - HKLM\..\Run: [Uuk] C:\WINDOWS\Aef.exe
O4 - HKLM\..\Run: [Jrt] C:\WINDOWS\SYSTEM\Dpv.exe
O4 - HKLM\..\Run: [Hjg] C:\WINDOWS\SYSTEM\Qtc.exe
O4 - HKLM\..\Run: [Adj] C:\WINDOWS\Fle.exe
O4 - HKLM\..\Run: [Pik] C:\WINDOWS\Ggh.exe
O4 - HKLM\..\Run: [Qlf] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKLM\..\Run: [Nap] C:\WINDOWS\Fdq.exe
O4 - HKLM\..\Run: [Sqa] C:\WINDOWS\Iba.exe
O4 - HKLM\..\Run: [Ulq] C:\WINDOWS\Stb.exe
O4 - HKLM\..\Run: [Ckp] C:\WINDOWS\Uhu.exe
O4 - HKLM\..\Run: [Iij] C:\WINDOWS\SYSTEM\Gqn.exe
O4 - HKLM\..\Run: [Rkf] C:\WINDOWS\SYSTEM\Tkq.exe
O4 - HKLM\..\Run: [Dbt] C:\WINDOWS\Mdk.exe
O4 - HKLM\..\Run: [Ebr] C:\WINDOWS\SYSTEM\Qib.exe
O4 - HKLM\..\Run: [Qop] C:\WINDOWS\Mai.exe
O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Vhu] C:\WINDOWS\SYSTEM\Kvc.exe
O4 - HKCU\..\Run: [Uai] C:\WINDOWS\SYSTEM\Rds.exe
O4 - HKCU\..\Run: [Qil] C:\WINDOWS\SYSTEM\Fjt.exe
O4 - HKCU\..\Run: [Okn] C:\WINDOWS\Dgg.exe
O4 - HKCU\..\Run: [Ckq] C:\WINDOWS\Ith.exe
O4 - HKCU\..\Run: [Crj] C:\WINDOWS\SYSTEM\Jqu.exe
O4 - HKCU\..\Run: [Ecs] C:\WINDOWS\Aid.exe
O4 - HKCU\..\Run: [Tve] C:\WINDOWS\Ncl.exe
O4 - HKCU\..\Run: [Cva] C:\WINDOWS\SYSTEM\Ctd.exe
O4 - HKCU\..\Run: [Rvd] C:\WINDOWS\Mcn.exe
O4 - HKCU\..\Run: [Efn] C:\WINDOWS\Pqu.exe
O4 - HKCU\..\Run: [Fqr] C:\WINDOWS\SYSTEM\Iri.exe
O4 - HKCU\..\Run: [Bmi] C:\WINDOWS\Nhv.exe
O4 - HKCU\..\Run: [Hpi] C:\WINDOWS\Hpe.exe
O4 - HKCU\..\Run: [Cih] C:\WINDOWS\Eji.exe
O4 - HKCU\..\Run: [Drq] C:\WINDOWS\Qgb.exe
O4 - HKCU\..\Run: [Hqm] C:\WINDOWS\SYSTEM\Tft.exe
O4 - HKCU\..\Run: [Ebf] C:\WINDOWS\SYSTEM\Rih.exe
O4 - HKCU\..\Run: [Vtf] C:\WINDOWS\Huf.exe
O4 - HKCU\..\Run: [Fdu] C:\WINDOWS\Ghr.exe
O4 - HKCU\..\Run: [Ude] C:\WINDOWS\SYSTEM\Fbi.exe
O4 - HKCU\..\Run: [Kmf] C:\WINDOWS\SYSTEM\Cvq.exe
O4 - HKCU\..\Run: [Ctn] C:\WINDOWS\SYSTEM\Cem.exe
O4 - HKCU\..\Run: [Okh] C:\WINDOWS\SYSTEM\Tqm.exe
O4 - HKCU\..\Run: [Dns] C:\WINDOWS\Flv.exe
O4 - HKCU\..\Run: [Heb] C:\WINDOWS\SYSTEM\Fjm.exe
O4 - HKCU\..\Run: [Kli] C:\WINDOWS\Bda.exe
O4 - HKCU\..\Run: [Lcf] C:\WINDOWS\Jtd.exe
O4 - HKCU\..\Run: [Cor] C:\WINDOWS\SYSTEM\Uob.exe
O4 - HKCU\..\Run: [Hks] C:\WINDOWS\SYSTEM\Vvo.exe
O4 - HKCU\..\Run: [Ile] C:\WINDOWS\Enh.exe
O4 - HKCU\..\Run: [Hdi] C:\WINDOWS\SYSTEM\Lhd.exe
O4 - HKCU\..\Run: [Uje] C:\WINDOWS\Rjr.exe
O4 - HKCU\..\Run: [Vuf] C:\WINDOWS\SYSTEM\Plb.exe
O4 - HKCU\..\Run: [Cab] C:\WINDOWS\SYSTEM\Hsq.exe
O4 - HKCU\..\Run: [Vsb] C:\WINDOWS\Rcj.exe
O4 - HKCU\..\Run: [Vdq] C:\WINDOWS\Rmv.exe
O4 - HKCU\..\Run: [Mie] C:\WINDOWS\Ivc.exe
O4 - HKCU\..\Run: [Ijo] C:\WINDOWS\SYSTEM\Tqd.exe
O4 - HKCU\..\Run: [Scj] C:\WINDOWS\Mbt.exe
O4 - HKCU\..\Run: [Mga] C:\WINDOWS\Atn.exe
O4 - HKCU\..\Run: [Ftq] C:\WINDOWS\Rsi.exe
O4 - HKCU\..\Run: [Huh] C:\WINDOWS\SYSTEM\Qol.exe
O4 - HKCU\..\Run: [Lbj] C:\WINDOWS\Rhs.exe
O4 - HKCU\..\Run: [Bqd] C:\WINDOWS\Otj.exe
O4 - HKCU\..\Run: [Iah] C:\WINDOWS\Bqc.exe
O4 - HKCU\..\Run: [Ljb] C:\WINDOWS\Ded.exe
O4 - HKCU\..\Run: [Hnt] C:\WINDOWS\Rht.exe
O4 - HKCU\..\Run: [Dpg] C:\WINDOWS\Rat.exe
O4 - HKCU\..\Run: [Gli] C:\WINDOWS\SYSTEM\Has.exe
O4 - HKCU\..\Run: [Uuk] C:\WINDOWS\Aef.exe
O4 - HKCU\..\Run: [Jrt] C:\WINDOWS\SYSTEM\Dpv.exe
O4 - HKCU\..\Run: [Hjg] C:\WINDOWS\SYSTEM\Qtc.exe
O4 - HKCU\..\Run: [Adj] C:\WINDOWS\Fle.exe
O4 - HKCU\..\Run: [Pik] C:\WINDOWS\Ggh.exe
O4 - HKCU\..\Run: [Qlf] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKCU\..\Run: [Nap] C:\WINDOWS\Fdq.exe
O4 - HKCU\..\Run: [Sqa] C:\WINDOWS\Iba.exe
O4 - HKCU\..\Run: [Ulq] C:\WINDOWS\Stb.exe
O4 - HKCU\..\Run: [Ckp] C:\WINDOWS\Uhu.exe
O4 - HKCU\..\Run: [Iij] C:\WINDOWS\SYSTEM\Gqn.exe
O4 - HKCU\..\Run: [Rkf] C:\WINDOWS\SYSTEM\Tkq.exe
O4 - HKCU\..\Run: [Dbt] C:\WINDOWS\Mdk.exe
O4 - HKCU\..\Run: [Ebr] C:\WINDOWS\SYSTEM\Qib.exe
O4 - HKCU\..\Run: [Qop] C:\WINDOWS\Mai.exe

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL (file missing)


Close all windows except HijackThis and click Fix checked.

Reboot in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\WINDOWS\ALCHEM.exe
:\PROGRAM FILES\TOOLBAR\ <-- delete entire folder
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\ <-- delete entire folder

*How to Boot into Safe mode: http://service1.syma...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.n...1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.

Then run HiJackThis again and post a new log in this thread.

#5 cheese12

cheese12

    New Member

  • Member
  • 3 posts

Posted 27 April 2005 - 10:04 PM

Id just like to thank you for you help,
my pc seems to be working like a dream now.
ta
cheese 12


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users