Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Sorry about posting on other thread...
I have the following symptoms:
constant website redirects
something appears to have banned ANY website with a reference or tag to an antivirus or cleaner.
AVG will not update
Windows is suddenly not valid
I have run AVG scan and removed several virus(es?)
SYSTEM as user keeps running multiple versions of Iexplore and iexplore even when not browser is open, can also occasionally "hear" web clicks while just on desktop.
I have also run Hijackthis and cleaned many related files manually, but it still won't let me update avg or validate windows.
I am fairly computer literate but no guru, any help would be wonderfulPS:
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
If you cannot download and run Malwarebytes on the infected computer download it to a cd from an uninfected computer and install it from the cd on the infected computer. If you run it from the cd do not check the boxes to "update" or "run automatically" just run it from the desktop icon once it is installed.
Please download Malwarebytes' Anti-Malware from one of these sites:
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
0 
ok malware's log:
Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 39/30/2008 11:57:58 PM
mbam-log-2008-09-30 (23-57-58).txtScan type: Quick Scan
Objects scanned: 48420
Time elapsed: 4 minute(s), 34 second(s)Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 22Memory Processes Infected:
(No malicious items detected)Memory Modules Infected:
(No malicious items detected)Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0bb69e0c8f7404d4b92477b0f0bd1845 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0bb69e0c8f7404d4b92477b0f0bd1845 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0018abc (Trojan.Vundo) -> Quarantined and deleted successfully.Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\errorkiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\errorkiller\ (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\errorkiller\ (Rogue.ErrorKiller) -> Quarantined and deleted successfully.Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.Folders Infected:
C:\Program Files\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.Files Infected:
C:\WINDOWS\eevl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rwlfsdmk.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Local Settings\Temp\_A00F58FB0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Local Settings\Temp\_A00F6E06C.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\DataBase.ref (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\ErrorKiller.exe (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\ErrorKiller.url (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\RegCleaner.dll (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\TCL.dll (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\zlib.dll (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller\ErrorKiller on the Web.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller\ErrorKiller.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Application Data\ErrorKiller\Log\2008 Sep 30 - 09_12_01 PM_010.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Application Data\ErrorKiller\Registry Backups\2008-09-30_21-13-08.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\ErrorKiller.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0088993.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\onfwbsak.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fbxrqtwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\u\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
and hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:04, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe--
End of file - 3572 bytes
any help is appreciated FYI: it didn't ask for a reboot and i havent rebooted it yetIt is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
i can already tell you it fixed SOMETHING, i am now able to navigate to avg, and opened avg and ran updater and IT finally worked, still havent checked to validate windows, will see if that is fixed in a minute
wooooot thanks a ton, that already makes me happy, and comp hasn't even had to reboot yet
added: well, maybe i spoke too soon, it let me update avg, but when i tried to scan again it acted kind of crazy and shut down all its services then restarted them, and windows still wont validateIt is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.In your case to run Combofix do the following:
1. Go offline turn off your AVG antivirus, Ad-Aware and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.
0
combofix file contents:
ComboFix 08-09-30.03 - u 2008-10-01 1:17:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.259 [GMT -4:00]
Running from: C:\Documents and Settings\u\Desktop\ComboFix.exe
* Created a new restore point[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\xcrashdump.dat.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.2008-09-30 23:50 . 2008-09-30 23:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 23:50 . 2008-09-30 23:50 <DIR> d-------- C:\Documents and Settings\u\Application Data\Malwarebytes
2008-09-30 23:50 . 2008-09-30 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 23:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 23:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 08:33 . 2008-09-30 08:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-09-30 08:05 . 2008-09-30 08:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-29 12:20 . 2008-09-29 12:42 <DIR> d-------- C:\Documents and Settings\u\Application Data\TmpRecentIcons
2008-09-29 09:48 . 2008-09-29 09:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-29 09:48 . 2008-09-29 09:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-29 09:48 . 2008-09-29 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-29 03:32 . 2008-09-29 12:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-09-29 03:29 . 2008-10-01 00:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-29 03:29 . 2008-09-30 09:52 <DIR> d-------- C:\Documents and Settings\u\Application Data\AVGTOOLBAR
2008-09-29 03:29 . 2008-09-29 03:29 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-29 03:29 . 2008-09-29 03:29 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-29 03:29 . 2008-09-29 03:29 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-25 18:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-25 18:20 . 2008-10-01 01:23 <DIR> d-------- C:\TEMP\MTGOInstall
2008-09-25 18:10 . 2008-09-25 18:10 <DIR> d-------- C:\Program Files\Wizards of the Coast
2008-09-25 18:10 . 2008-09-25 18:22 <DIR> d-------- C:\Documents and Settings\u\Application Data\Wizards of the Coast.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-26 10:37 --------- d-----w C:\Program Files\World of Warcraft
2008-09-25 22:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
2008-08-30 17:48 --------- d-----w C:\Program Files\GameTap
2008-08-30 17:48 --------- d-----w C:\Documents and Settings\u\Application Data\InstallShield
2008-08-23 21:53 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-08-23 07:06 --------- d-----w C:\Program Files\AVG
2008-08-22 13:23 --------- d-----w C:\Documents and Settings\u\Application Data\Motive
2008-08-22 12:40 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-22 12:40 --------- d-----w C:\Program Files\NETGEAR
2008-08-19 23:23 --------- d-----w C:\Program Files\Common Files\Motive
2008-08-19 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-15 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-06 06:31 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-08-06 06:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-06 03:23 --------- d-----w C:\Program Files\directx
2008-08-06 03:15 --------- d-----w C:\Program Files\Microids
2008-08-05 11:40 --------- d-----w C:\Documents and Settings\u\Application Data\AdobeUM
2008-08-05 11:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-03 23:00 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-03 22:57 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-03 22:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-03 22:40 558,142 ----a-w C:\WINDOWS\java\Packages\BV37L3JT.ZIP
2008-08-03 22:40 155,995 ----a-w C:\WINDOWS\java\Packages\RPRNFXJD.ZIP
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-07-05 09:33 472,000 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2006-04-25 21:30 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.exe
2006-04-25 21:30 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-12-14 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1232152]
"nwiz"="nwiz.exe" [2005-12-14 C:\WINDOWS\system32\nwiz.exe]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 83360]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 1503232][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-29 96520]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-29 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231192]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-29 76040]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 19712]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 18304]
S4 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osdO16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 01:23:54
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
r Running Proce
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-01 1:26:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 05:26:32Pre-Run: 20,623,343,616 bytes free
Post-Run: 20,807,372,800 bytes free167 --- E O F --- 2008-09-10 06:44:04
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Looks much better.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Please run Esets online scanner from this link:
1. Note: You will need to use Internet explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the activex control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked ( Iwant to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.
0
ok here is eset log:
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3486 (20081001)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=5a1c141e8d41324ba809a2b9f0ece17c
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-01 03:59:13
# local_time=2008-10-01 11:59:13 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=127778
# found=3
# scan_time=1977
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir Win32/Agent.ODG trojan 151046484AEF8DE49A459F2340F09190
C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir Win32/Agent.OGC trojan 335915A73568AE9BF532C41DF91A3B31
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\tdssserv.sys.vir Win32/Agent.ODG trojan C9B36AE929D020240A91FF5200E8FE80It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Your computer is clean.
Go to start> run> type in combofix /u (note the space after combofix) then press enter. Give it a minute. This will uninstall Combofix and its C:\Qoobox quarantine folder.
Go to start> control panel> add/remove programs and uninstall Hijack This.
You should keep Malwarebytes and AFT Cleaner.
Restart Ad-Aware.
You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster
Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
How is the computer operating?
0
thank you for all your help, it is running just great, but it STILL wont validate windows.. it has changed some setting or something, windows won't validate.. any ideas on fixing that?
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
i found this log in C:\Windows.. might tell you whats up, if not just ignore it.
[WgaNotify.log]
0.081: ================================================================================
0.081: 2008/08/23 02:50:14.097 (local)
0.081: c:\ceba2d6a2463410e443d248b8f9263\update\update.exe (version 6.3.3.0)
0.211: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.211: Hotfix started with following command line: -z
0.211: In Function GetBuildType, line 1170, RegOpenKeyEx failed with error 0x2
0.241: CreateUserInterface: DefineInstallCustomUI returned 0x0
1.833: InstallInfCatalogFile: Installing c:\ceba2d6a2463410e443d248b8f9263\update\WgaNotify.cat as _000000_.cat...
1.833: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\_000000_.cat
1.863: InstallInfCatalogFile: Installation succeeded.
1.913: ---- Old Information In The Registry ------
1.913: Source:C:\WINDOWS\system32\_000012_.tmp.dll (5.1.2600.2180)
1.913: Destination:
1.913: Source:C:\WINDOWS\system32\SET27.tmp (5.1.2600.2622)
1.913: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2180)
1.913: Source:C:\WINDOWS\system32\SET28.tmp (5.1.2600.2622)
1.913: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2180)
1.913: Source:C:\WINDOWS\system32\SET29.tmp (5.1.2600.2622)
1.913: Destination:C:\WINDOWS\system32\authz.dll (5.1.2600.2180)
1.923: Source:C:\WINDOWS\system32\SET3F.tmp (5.1.2600.2938)
1.923: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
1.923: Source:C:\WINDOWS\system32\SET40.tmp (5.1.2600.2938)
1.923: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2180)
1.923: ---- New Information In The Registry ------
1.923: Source:C:\WINDOWS\system32\_000012_.tmp.dll (5.1.2600.2180)
1.923: Destination:
1.923: Source:C:\WINDOWS\system32\SET27.tmp (5.1.2600.2622)
1.923: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2180)
1.923: Source:C:\WINDOWS\system32\SET28.tmp (5.1.2600.2622)
1.923: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2180)
1.923: Source:C:\WINDOWS\system32\SET29.tmp (5.1.2600.2622)
1.923: Destination:C:\WINDOWS\system32\authz.dll (5.1.2600.2180)
1.923: Source:C:\WINDOWS\system32\SET3F.tmp (5.1.2600.2938)
1.923: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
1.923: Source:C:\WINDOWS\system32\SET40.tmp (5.1.2600.2938)
1.923: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2180)
1.923: In Function GetBuildType, line 1170, RegOpenKeyEx failed with error 0x2
1.923: SetProductTypes: InfProductBuildType=BuildType.Sel
1.933: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.973: DoInstallation: FetchSourceURL for c:\ceba2d6a2463410e443d248b8f9263\update\update.inf failed
1.973: LoadFileQueues: UpdSpGetSourceFileLocation for halacpi.dll failed: 0xe0000102
1.973: BuildCabinetManifest: update.url absent
1.973: Starting AnalyzeComponents
1.973: AnalyzePhaseZero used 0 ticks
1.973: No c:\windows\INF\updtblk.inf file.
1.973: SetupFindFirstLine in LoadExclusionList Failed with error: 0xe0000102
1.973: SetupFindFirstLine in LoadExclusionList Failed with error: 0xe0000102
8.863: Failed to query DriverPath of ROOT\LEGACY_VGASAVE\0000 0x2
12.228: OEM file scan used 10255 ticks
12.238: AnalyzePhaseOne: used 10265 ticks
12.238: AnalyzeComponents: Hotpatch analysis disabled; skipping.
12.238: AnalyzeComponents: Hotpatching is disabled.
12.238: AnalyzePhaseTwo used 0 ticks
12.238: AnalyzePhaseThree used 0 ticks
12.238: AnalyzePhaseFive used 0 ticks
12.248: AnalyzePhaseSix used 10 ticks
111.130: Wiz2Proc:CreateFile failed for eula.txt:INVALID_HANDLE_VALUE
111.140: AnalyzeComponents used 109167 ticks
111.140: Downloading 0 files
111.140: bPatchMode = FALSE
111.140: Inventory complete: ReturnStatus=0, 109167 ticks
111.150: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallWgaNotify$
111.150: Num Ticks for invent : 109177
111.150: Allocation size of drive C: is 4096 bytes, free space = 33226067968 bytes
111.160: Drive C: free 31686MB req: 9MB w/uninstall 0MB
111.160: CabinetBuild complete
111.160: Num Ticks for Cabinet build : 10
111.160: DynamicStrings section not defined or empty.
111.170: FileInUse:: Detection disabled.
112.182: Registering Uninstall Program for -> WgaNotify, WgaNotify , 0x0
112.182: LoadFileQueues: UpdSpGetSourceFileLocation for halacpi.dll failed: 0xe0000102
112.212: System Restore Point set.
112.232: Copied file: C:\WINDOWS\system32\spmsg.dll
112.512: PFE2: Not avoiding Per File Exceptions.
112.552: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat with error 0x57
112.552: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\WgaNotify.cat with error 0x80092004
112.803: Copied file: C:\WINDOWS\system32\WgaLogon.dll
112.833: Copied file: C:\WINDOWS\system32\WgaTray.exe
112.923: Copied file: C:\WINDOWS\system32\DllCache\WgaLogon.dll
112.953: Copied file: C:\WINDOWS\system32\DllCache\WgaTray.exe
112.963: DoInstallation: Installing assemblies with source root path: c:\ceba2d6a2463410e443d248b8f9263\
112.963: Num Ticks for Copying files : 1803
113.023: Num Ticks for Reg update and deleting 0 size files : 60
113.023: Starting process: C:\WINDOWS\system32\spupdsvc.exe /install "Enables Installer to complete its scheduled post-reboot tasks"
113.634: Return Code = 0
113.634: Starting process: C:\WINDOWS\system32\wgatray.exe /b
139.040: Return Code = 0
139.050: ---- Old Information In The Registry ------
139.050: Source:C:\WINDOWS\system32\_000012_.tmp.dll (5.1.2600.2180)
139.050: Destination:
139.050: Source:C:\WINDOWS\system32\SET27.tmp (5.1.2600.2622)
139.050: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2180)
139.050: Source:C:\WINDOWS\system32\SET28.tmp (5.1.2600.2622)
139.050: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2180)
139.050: Source:C:\WINDOWS\system32\SET29.tmp (5.1.2600.2622)
139.050: Destination:C:\WINDOWS\system32\authz.dll (5.1.2600.2180)
139.050: Source:C:\WINDOWS\system32\SET3F.tmp (5.1.2600.2938)
139.050: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
139.050: Source:C:\WINDOWS\system32\SET40.tmp (5.1.2600.2938)
139.050: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2180)
139.050: ---- New Information In The Registry ------
139.060: Source:C:\WINDOWS\system32\_000012_.tmp.dll (5.1.2600.2180)
139.060: Destination:
139.060: Source:C:\WINDOWS\system32\SET27.tmp (5.1.2600.2622)
139.060: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2180)
139.060: Source:C:\WINDOWS\system32\SET28.tmp (5.1.2600.2622)
139.060: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2180)
139.060: Source:C:\WINDOWS\system32\SET29.tmp (5.1.2600.2622)
139.060: Destination:C:\WINDOWS\system32\authz.dll (5.1.2600.2180)
139.060: Source:C:\WINDOWS\system32\SET3F.tmp (5.1.2600.2938)
139.060: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
139.060: Source:C:\WINDOWS\system32\SET40.tmp (5.1.2600.2938)
139.060: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2180)
139.060: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
139.060: Starting process: C:\WINDOWS\system32\spupdsvc.exe /delete
139.080: Return Code = 0
139.100: CleanupTrustedInfFile: GetFileAttributes for C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem4.cat failed: 0x2
151.448: RebootNecessary = 0,WizardInput = 1 , DontReboot = 1, ForceRestart = 0It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Download Dial-a fix to your desktop.
Place a check in these boxes:
1. Empty temp folder
2. Fix windows installer
3. Fix windows update
4. Fix ssl/Https/Cryptscv
5. All 6 boxes under Registration CenterPress Go.
Wait a few minutes then exit the program.Then try to update/validate.
0
ok, did all that, clicked on validation icon in taskbar and it popped up the website, had to allow the active-x , but it still failed the validation... any ideas what's up with that? happened at same time all this other stuff did
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Try this, reboot into safe mode with networking.
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the option, Safe Mode with Networking, then press "Enter".
Choose your usual account.Type this into your browsers address bar.
www.microsoft.com/genuine
Then when it opens click "validate windows"> restart the computer to get back into normal mode once it does or does not validate.
0
rebooted in safe mode w/ networking but it wouldnt let me connect. that is probably due to the fact that my wireless isn't done by windows, but by netgear software. it didn't boot the card so the network wasnt up, and wouldnt boot the "wlancfg" process to get online.
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXThen, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Delete the fixme.reg file just created.Try to validate again.
0
ok , did that, fixme.reg updated registry, and i tried to validate again, didnt work, same thing, will try to reboot, and try again.
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
ok, rebooted, still not validating..
any more ideas?It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Go to start> run> type in regedit . Now browse to the following key by expanding the folders:
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersionTo expand the folders click the + sign to the left of each key until you get to "CurrentVersion" then click on the "CurrentVersion" folder to open it.
In the right pane, you should find: ProductId> to the right of ProductID should be a "group of numbers" or "Virus Alert".Let me known what is listed.
To exit just click the - signs beside the keys you opened until you get back to "HKEY_LOCAL_MACHINE" then click the X at the top right of the page.
0
ok, finally found that folder, the line that is tagged with a small red/whit icon that has "ab" in is type:REG_SZ and has NOTHING in the "data" column...
there is a "digital product id" a few lines above it that has a string of apparent binary code.. is that what you what? if so let me know, think i should probably private that to you?It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
This "Windows" folder is just above the "Windows NT" folder you just looked at. Go to start> run> type in regedit . Now browse to the following key by expanding the folders:
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersionTo expand the folders click the + sign to the left of each key until you get to "CurrentVersion" then click on the "CurrentVersion" folder to open it.
There should be numbers to correspond with these X"s:
"ProductId"="XXXX-XXX-XXXXXXX-XXXXX"
Write the numbers/letters down and save them, double check that that you did not make a mistake, do not post them. Let me know when you have them.
0
found it, got it, except that first sequence has 5 numbers not 4, but otherwise sequence is the same and i have the number
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
Go back to to the Windows NT folder in regedit:
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > right click on "ProductID" > click modify> in the "value data" line type in "your number" with all the dashes in the right places> click ok> and yes if ask.
Restart the compter and verify that the ProductID was accepted.
0
OMG!! that seems to have worked!!! at least, its not giving me that thing that says windows didnt validate, i guess now i should do automatic update and stuff? what should i do now to assure this doesnt happen again?
FYI you are COMPUGOD! thank you soo much my man, you rock!!!It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
If ever ask to install a codec for a video don't do it until you can be sure it is valid.
You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster
Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version. And you might want to add a third party firewall.
You can download the free version of Zonealarm Firewall from this link:
Make sure you can update and let me know.
0
update worked!!
ZA installed and running!!
I LOVE YOU!
IF YOU ARE A LADY I WANT TO BE THE FATHER OF YOUR BABIES! LOL
omg thank you so much for your time and knowledge, that was soo helpful, I'd probably have use the "hammer it to pieces" repair approach by now.It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
you rock Jabuck, thanks for all the help, you can label this topic full solution, this thread is a perfect step by step for fixing this mean thing. will keep your site in my favorites for sure.
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
oh , just so you know, the Start>run> combofix \u didnt uninstall either combofix or its qoobox file. it popped my hourglass for a min like it was doing something, but file and program still there. forgot to mention that earlier.
It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0
well , i typed it correctly the first time(it popped up in the drop down menu as I typed it again) but this time it uninstalled it all. thanks again for all your help.
if i have any more problems I will seek you out!!
god bless you Jabuck!It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.
0  |
 Trojan zlob? Please help
|
Black screen after start
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
