Old 4th May 2005, 22:44   #1
Nightcom
Junior Member
 
Join Date: May 2005
Posts: 1
I just read through all 3 pages very slowly and stuff, and tried different things - but I still have the problem.
I'll attach my hijack log below.
Sorry to be a pain.
Attached Files
File Type: rar hijackthis.rar (2.0 KB, 250 views)
Nightcom is offline   Reply With Quote
Old 5th May 2005, 09:54   #2
siebe83
Forum King
 
siebe83's Avatar
 
Join Date: Feb 2004
Posts: 9,229
I'm pasting your log here since not everyone may have WinRAR installed...

Logfile of HijackThis v1.99.1
Scan saved at 12:35:59 AM, on 5/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program\Apache Group\Apache2\bin\Apache.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\Program\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program\Netropa\Onscreen Display\OSD.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\DC++\DCPlusPlus.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\Program\FlashFXP\FlashFXP.exe
C:\Documents and Settings\Shinra\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\Run: [send film] C:\DOCUME~1\Shinra\APPLIC~1\THISLO~1\info meta audio.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Skapa mobilfavorit - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{02C3A8CA-2DE8-475B-A8C3-4E6EC7CF0548}: NameServer = 194.236.29.3,212.181.52.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{02C3A8CA-2DE8-475B-A8C3-4E6EC7CF0548}: NameServer = 194.236.29.3,212.181.52.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{02C3A8CA-2DE8-475B-A8C3-4E6EC7CF0548}: NameServer = 194.236.29.3,212.181.52.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{02C3A8CA-2DE8-475B-A8C3-4E6EC7CF0548}: NameServer = 194.236.29.3,212.181.52.2
O20 - Winlogon Notify: WB - C:\Program\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Apache2 - Unknown owner - C:\Program\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)


--------------------------------------------------------
--------------------------------------------------------




I'm not very familiar with malware removal myself, but I did notice the following entries, which I think should be removed. Hopefully someone else will post here with more detailed instructions.

If no-one else replies, the best advice I can give you is to reboot Windows into safe mode, do not open any browser/explorer windows (i.e. copy the contents of this post to a .txt file), and then let HijackThis fix these entries:

O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe

O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe

O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe

O4 - HKCU\..\Run: [send film] C:\DOCUME~1\Shinra\APPLIC~1\THISLO~1\info meta audio.exe

O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)



If you don't know what these entries are, also fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126

______________________________


Then search your hard drive for the files mentioned above and delete them. If you can't find them, configure Windows to show hidden files.

Reboot into normal mode, scan again with HijackThis and attach the new log here (preferably as .txt file).
(and tell us if you still have the problem, of course)


[Edit --> DJ Egg]
Removed evil makemesearch/tubby hijack url's

If you're bored go here or, if the boredom is more serious, here.
siebe83 is offline   Reply With Quote
Old 5th May 2005, 17:08   #3
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,867
@Nightcom

I've split your post from the sticky thread.

Alas, you've got some serious infections (worms, trojans, spyware, hijackers).

I am currently analyzing your log and will be back soon with the full cleanup instructions.

Please wait for my instructions/fixes before attempting any manual fixes yourself.
And if possible, in the meantime, please do not shutdown or reboot your pc (until told otherwise by me).
DJ Egg is offline   Reply With Quote
Old 5th May 2005, 17:33   #4
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,867
@Nightcom

Re: this entry

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

This means that you have used msconfig to disable some startup items.

Now, I don't want you to re-enable any potential malware startups,
but I would like you to download the attached RegQuery.zip file,
unzip it and run RegQuery.bat
A RegQuery.txt file will appear on your desktop.
Please attach that text file here, asap.

Basically, it will just show me which Startups you've disabled with msconfig.
If there's any malware items in the list, then I can also include the fix for these in my forthcoming instructions.


Also note that although I will hopefully be able to fix the current issues for you, there's a high probability factor that they (or others) could just come back again. This is because you are running Windows XP with no Service Packs, and many of these infections exploit the vulnerabilities that have since been addressed by sp1/sp2 and all other Critical Updates available at WindowsUpdate.

Have you at least installed all available Critical Updates?

Anyway, please attach the RegQuery.txt file, and in the meantime, I'll continue preparing the full fix.
Attached Files
File Type: zip regquery.zip (258 Bytes, 373 views)
DJ Egg is offline   Reply With Quote
Old 5th May 2005, 21:06   #5
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,867
Analysis first...


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126

Makemesearch/Tubby hijacker
http://www.wilderssecurity.com/archi...p/t-49159.html
http://www.doxdesk.com/parasite/Tubby.html

It looks like you've already fixed the related BHO and/or Toolbar which usually comes associated with this parasite, so this should be easy to get rid of.

_____________________________________________


O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe

Win32.Sndc.A Worm
http://www3.ca.com/securityadvisor/v....aspx?id=39771

______________________________________________________


O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

aBetterInternet Transponder parasite (adware/spyware installer/updater), aka: stubby.d
http://www.liutilities.com/products/...ibrary/satmat/
http://www.doxdesk.com/parasite/Transponder.html

_____________________________________________________


O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe

Premium Rate adult content dialer (aka: websiteviewer trojan)
http://www.sophos.com/virusinfo/anal...hidediala.html
http://www.sophos.com/virusinfo/anal...hidediald.html
http://securityresponse.symantec.com...ialer.wsv.html

_______________________________________________________


O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

TopAntiSpyware/Spyre.b Trojan-Clicker, aka smitfraud.c
http://castlecops.com/startuplist-6559.html
http://sarc.com/avcenter/venc/data/p...tispyware.html
http://www.sophos.com/virusinfo/anal...rojspyreb.html > Advanced tab
http://www.google.com/search?q=smitf...spoolsrv32.exe

______________________________________________________


O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe

Trojan Downloader (Small Dropper / Troj/Small-DP
http://castlecops.com/startuplist-7248.html
http://www.sophos.com/virusinfo/anal...ojsmalldp.html

_______________________________________________________


O4 - HKCU\..\Run: [send film] C:\DOCUME~1\Shinra\APPLIC~1\THISLO~1\info meta audio.exe

Lop.com parasite/hijacker
http://www.doxdesk.com/parasite/lop.html
http://sarc.com/avcenter/venc/data/adware.lop.html

_______________________________________________________


Fixes

Download the following free tools:

CWShredder > http://cwshredder.net/bin/CWShredder.exe

Lop.com Removal Tool > http://www.thespykiller.co.uk/files/lopremover.exe

CkeanDesktop Utility > http://www.thespykiller.co.uk/files/cleandesktop.exe
Info (read this first):
http://forums.techguy.org/t345137.html > post #8
http://forums.techguy.org/showthread.php?p=2539710
Use this only if your desktop has been hijacked by the TopAntiSpyware/spyre.b trojan (ie. if the wallpaper has been replaced by some "Spyware Detected Warning!" type of background)

If you've rebooted since posting the log, without removing the satmat.exe startup, then you might now also need to go here and download/run the BetterInternet/Transponder Uninstaller (read the instructions first)
http://www.mypctuneup.com/evaluate.php


Also make sure you've got the latest versions and internal detection updates for both of Spybot SD and Ad-Aware SE.

________________________________________________


Now close all windows, including this one

If you've not rebooted since postin the log, then you can disconnect from the internet (which is highly recommended). If you did reboot and you've now got some weird looking O2 - BHO entries in your log, and possibly other Transponder variants, then you need to stay online to run the BetterInternet Uninstaller. However, I recommend that you do this last, after fixing everything else (because 1) we aren't certain if you've been infected further and 2) the uninstaller requires that you reboot straight after running it) - and therefore I recommend at this point that you disconnect from the internet.

__________________________________________________


Open HJT and run the scan

Place a checkmark next to the following entries only, and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=126

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe

O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe

O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe

O4 - HKCU\..\Run: [send film] C:\DOCUME~1\Shinra\APPLIC~1\THISLO~1\info meta audio.exe

O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe


-----------

Suspicious / questionable entries:

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

Under normal circumstances, this entry is a process associated with Nero Burning software, and is used to check for driver issues under multi/non-admin user profiles. If you only use one main user profile with full admin privileges, then this entry is totally unnecessary.
However, unless you've got two versions of Nero installed (eg. v5.x and v6.x), then I've never seen ttwo different entries for this same same process before.

I recommend that you disable both those entries for now, and upload NeroCheck.exe for an online virus scan here:
http://virusscan.jotti.org/

If it says it's infected, then you should delete that file.
If it says it's clean, then disable the 2nd entry:

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

This is the suspicious one, especially due to the double backslash in the file path \\

---------

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

As stated in my previous post, this entry would normally appear after you've used msconfig to disable any startup items. However, some hijacks are known to replace that file (especially some of the newer variants of CoolWebSearch).
I also recommend that you disable that entry, and upload the file to the jotti online scan.

If it IS infected, then you can find a replacement version here:
http://net-integration.net/main/content/view/108/26/
http://www.richardthelionhearted.com/~merijn/winfiles.html

----------

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

These two entries are suspicious, and are usually as a result of a hijack which restricts policies/permissions.
However, they could also be legitimate entries if you've used Spybot Search & Destroy to lock the IE Control Panel or homepage from being accessed/changed.

----------

Re: this service

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

That is the legitimate WindowsXP "Print Spooler" service.
However, the spoolsv.exe file is missing.
This could either be as a result of a virus, or you've accidentally deleted the file yourself.
If you have a printer, then it will not work without that service being active, and you'll need to either extract spoolsv.exe from the Windows XP Setup CD-ROM, or there might be a copy of it somewhere on your HD, if the Windows XP setup cabs are stored locally.


Likewise for this legitimate service:

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)

This is for your multimedia keyboard hotkeys.
You will need to reinstall the software/drivers for the keyboard to fix this. But don't do it until after your system is confirmed clean.

____________________________________________________


Run CWShredder
Click the "Fix" button, and let it do its thing

_____________________________________________________


Run the Lop.com Uninstaller

_____________________________________________________


Boot immediately into Safe Mode

How to boot into safe mode | 2

To make sure you can view hidden and system files,
Go to: Control Panel > Folder Options > View tab:
Checkmark "show hidden files"
Uncheck "hide extensions for known file types"
Uncheck "Hide protected operating system files"
OK everything and close Folder Options.


Empty all Temp folders (delete all files within, and all files within subfolders, but do not delete the actual root Temp folders):

C:\Documents and Settings\(profile)\Local Settings\Temp\
C:\Windows\Temp\
C:\WIndows\Prefetch (delete all *.pf files)
C:\Temp\ (if it exists)


Locate and delete the following files (if they still exist):
C:\WINDOWS\satmat.exe
C:\WINDOWS\System32\tibs3.exe
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\System32\srvc32.exe
C:\WINDOWS\System32\sndcfg16.exe


Locate and delete the following folders (if they still exist):
C:\Documents and Settings\Shinra\Application Data\THISLO~1

THISLO~1 is abbreviated. The actual folder name will be much longer and will probably consist of morre than one word. All I can tell you is that the first six letters will be THISLO and the folder will contain a file called "info meta audio.exe". Note that there's also a possibility that the lop.com uninstaller has already removed this file.



Right-click the IE desktop icon, select "Properties"
or if there is no IE desktop icon, go to: Control Panel > Internet Options,
General tab > Temporary Internet Files > Delete Files:
Checkmark "Delete all offline content"
Click OK
then click OK to close Internet Options.



Open "My Computer" folder view, and type/paste this into the address bar:

%homepath%\Local Settings\Temporary Internet Files\Content.IE5

Hit Enter

Open all the subfolders in that folder, and delete all files within except for desktop.ini
eg. open the first subfolder, delete all files within (except for desktop.ini)
click the "Up" button, open the next subfolder...etc etc

Note, do not attempt to delete index.dat or desktop.ini in the Content.IE5 root folder.


Empty the Recycle Bin


Disable System Restore
Control Panel > System > System Restore tab:
Checkmark "Turn off system restore"
Click Apply/OK
(You can re-enable system restore once your system is confirmed clean).

___________________________________________


Run Spybot SD and Ad-Aware SE scans, one after the other

Fix everything they find

_____________________________________________


Reboot into Normal Mode

_____________________________________________


Go to: Control Panel > Internet Options

Go to the "Programs" tab, then click the "Reset Web Settings" button.
Click Apply.
Note: You then might need to reset your desired home page c/o General tab

Go to the "Security" tab
Click on "Internet Zone" and then click "Default Level"
Click on "Restricted Sites", then click the "Sites" button
Type in: *.makemesearch.com
Click the "Add" button, then click OK
Click Apply, then click OK to close Internet Options.



If it exists, go to:
Control Panel > Java -or- Java Plugin > General tab > Temporary Internet Files > Delete Files:
Checkmark all 3 options
Click OK

If those settings are different, the "Clear Cache" option might be under the "Cache" tab instead.

______________________________________________


Run Spybot SD and Ad-Aware SE scans again.
Confirm that they both say your system is clean

________________________________________________


I was going to prepare .bat and .reg fix files, to cleanup the registry and auto delete all the associated bad files, but alas, I've run out of time... and also, I needed the RegQuery results first, not to mention that your not running an English version of Windows, which means that it would take me even longer to prepare the auto fix files, heh.

I also recommend that you run an online scan at two or more of the following sites:

http://www.kaspersky.com/beta?product=161744315
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan8/
http://www.freedom.net/onlineviruscheck/
http://www.pcpitstop.com/pcpitstop/AntiVirusCntr.asp

Be sure to checkmark any "Auto Clean" options before running the scan.
If it says any files can't be cleaned, delete them
If it says any files can't be deleted, make a note of them and boot into safe mode to delete them.


And as already mentioned, go to WindowsUpdate and install all Critical Updates, if any are available.


Post a new HJT log here when done,
and let us know if the problem(s) persist.

Good luck
DJ Egg is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump