tdao91 Posted September 27, 2006 Share Posted September 27, 2006 Well, lately I've been getting this weird pop-up. It's called Win Antivirus Pro 2006 and says "you may be infected! download it now for free!" (or something like that). I've done some scans with AVG free and ad aware. It removes some trojan, but it always comes back. And when I do the scan, it removes it again. but after a while the pop up comes back up. Sooooo... I decided to post a HJT log. And i am begging for some assistance. ty in advance. Logfile of HijackThis v1.99.1 Scan saved at 6:33:19 PM, on 9/26/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\LEXBCES[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\WINDOWS\system32\LEXPPS[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\Program Files\D-Tools\daemon[Caution: Executable File] C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\Program Files\Grisoft\AVG Free\avgcc[Caution: Executable File] C:\WINDOWS\system32\wuauclt[Caution: Executable File] C:\WINDOWS\system32\igfxsrvc[Caution: Executable File] C:\WINDOWS\system32\wscntfy[Caution: Executable File] C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: Executable File] C:\Program Files\hijackthis\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3[Caution: Executable File] O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback[Caution: Executable File] /dump:os_startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon[Caution: Executable File]" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: Executable File] -autorun O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File] O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp[Caution: Executable File] (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp[Caution: Executable File] (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4608363812 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File]" "WUSB54Gv4[Caution: Executable File] (file missing)[/b] Link to comment Share on other sites More sharing options...
____ Posted September 27, 2006 Share Posted September 27, 2006 Fix then unregister this dll, reboot then delete it. O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll Link to comment Share on other sites More sharing options...
tdao91 Posted September 28, 2006 Author Share Posted September 28, 2006 oh and here's a pic of the pop-up (very suspicious pop-up!) Link to comment Share on other sites More sharing options...
coltm4carbine Posted September 28, 2006 Share Posted September 28, 2006 If you have downloaded winantivirus that means you have vundo. Don't download it. Rename Hijackthis[Caution: Executable File] to something like Scan[Caution: Executable File]. Then post another HJT log. Link to comment Share on other sites More sharing options...
KnightLite Posted September 28, 2006 Share Posted September 28, 2006 I had the same thing happen to me. I just simply did a system restore to the day it happened, problem solved - Only character in Runescape History maxed out in RSC and RS2 Link to comment Share on other sites More sharing options...
Rcty Posted September 28, 2006 Share Posted September 28, 2006 DO NOT DO ANYTHING TO THIS POP UP. I GOT THE SAME ONE BEFORE AND WHEN I GOT MY SPY SWEEPER AND PC CILLIN PROGRAMS, IT SAID IT ACTUALLY DOWNLOADED SOME VIRUSES ONTO MY COMPUTER. THAT AD IS ANNOYING BECAUSE IT REDIRECTS YOU AND DOWNLOADS WITHOUT YOUR PERMISSION, I KNOW. ~Rcty Rcty Link to comment Share on other sites More sharing options...
tdao91 Posted September 29, 2006 Author Share Posted September 29, 2006 If you have downloaded winantivirus that means you have vundo. Don't download it. Rename Hijackthis.e3e (CAUTION - executable file) to something like Scan.e3e (CAUTION - executable file). Then post another HJT log. well i haven't clicked on it yet (and don't plan to) but how would i go about changing the renaming it? just go into my hijackthis folder and change the name to scan? Link to comment Share on other sites More sharing options...
blade995 Posted September 29, 2006 Share Posted September 29, 2006 If you have downloaded winantivirus that means you have vundo. Don't download it. Rename Hijackthis.e3e (CAUTION - executable file) to something like Scan.e3e (CAUTION - executable file). Then post another HJT log. well i haven't clicked on it yet (and don't plan to) but how would i go about changing the renaming it? just go into my hijackthis folder and change the name to scan? Yes Link to comment Share on other sites More sharing options...
tdao91 Posted September 29, 2006 Author Share Posted September 29, 2006 here ya go: new HJT log Logfile of HijackThis v1.99.1 Scan saved at 4:35:16 PM, on 9/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] C:\WINDOWS\system32\LEXBCES[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\WINDOWS\system32\LEXPPS[Caution: Executable File] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa[Caution: Executable File] C:\Program Files\D-Tools\daemon[Caution: Executable File] C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4[Caution: Executable File] C:\Program Files\Windows Media Player\wmplayer[Caution: Executable File] C:\Program Files\hijackthis\Scan[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {21C4D498-A414-48E0-A43B-E9AF41621005} - C:\WINDOWS\system32\ddaby.dll O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fvwfqydo.dll (file missing) O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3[Caution: Executable File] O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback[Caution: Executable File] /dump:os_startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon[Caution: Executable File]" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: Executable File] -autorun O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File] O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4608363812 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab O20 - Winlogon Notify: ddaby - C:\WINDOWS\system32\ddaby.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File]" "WUSB54Gv4[Caution: Executable File] (file missing) Link to comment Share on other sites More sharing options...
coltm4carbine Posted October 1, 2006 Share Posted October 1, 2006 yup..you have vundo. try this first. It should work: Please download VundoFix[Caution: Executable File] to your desktop. [*:pm4nnopz]Double-click VundoFix[Caution: Executable File] to run it. [*:pm4nnopz]Put a check next to Run VundoFix as a task. [*:pm4nnopz]You will receive a message saying vundofix will close and re-open in a minute or less. Click OK [*:pm4nnopz]When VundoFix re-opens, click the Scan for Vundo button. [*:pm4nnopz]Once it's done scanning, click the Remove Vundo button. [*:pm4nnopz]You will receive a prompt asking if you want to remove the files, click YES [*:pm4nnopz]Once you click yes, your desktop will go blank as it starts removing Vundo. [*:pm4nnopz]When completed, it will prompt that it will shutdown your computer, click OK. [*:pm4nnopz]Turn your computer back on. [*:pm4nnopz]Please post the contents of C:\vundofix.txt and a new HiJackThis log. Link to comment Share on other sites More sharing options...
tdao91 Posted October 1, 2006 Author Share Posted October 1, 2006 yup..you have vundo. try this first. It should work: Please download VundoFix.e3e (CAUTION - executable file) to your desktop. [*:37cb9qui]Double-click VundoFix.e3e (CAUTION - executable file) to run it. [*:37cb9qui]Put a check next to Run VundoFix as a task. [*:37cb9qui]You will receive a message saying vundofix will close and re-open in a minute or less. Click OK [*:37cb9qui]When VundoFix re-opens, click the Scan for Vundo button. [*:37cb9qui]Once it's done scanning, click the Remove Vundo button. [*:37cb9qui]You will receive a prompt asking if you want to remove the files, click YES [*:37cb9qui]Once you click yes, your desktop will go blank as it starts removing Vundo. [*:37cb9qui]When completed, it will prompt that it will shutdown your computer, click OK. [*:37cb9qui]Turn your computer back on. [*:37cb9qui]Please post the contents of C:\vundofix.txt and a new HiJackThis log. here it is: VundoFix V4.2.84 Checking Java version... Java version is 1.4.2.3 Scan started at 6:43:05 PM 6/16/2006 Listing files found while scanning.... C:\WINDOWS\system32\ssqrp.dll C:\WINDOWS\system32\prqss.ini C:\WINDOWS\system32\prqss.bak1 C:\WINDOWS\system32\prqss.bak2 C:\WINDOWS\system32\prqss.ini2 C:\WINDOWS\system32\prqss.tmp C:\WINDOWS\SYSTEM32\prqss.bak1 C:\WINDOWS\SYSTEM32\prqss.bak2 C:\WINDOWS\SYSTEM32\prqss.tmp C:\WINDOWS\SYSTEM32\prqss.ini C:\WINDOWS\SYSTEM32\prqss.ini2 C:\WINDOWS\SYSTEM32\ssqrp.dll C:\WINDOWS\SYSTEM32\prqss.ini2 C:\WINDOWS\SYSTEM32\prqss.bak2 C:\WINDOWS\SYSTEM32\prqss.tmp C:\WINDOWS\SYSTEM32\prqss.ini C:\WINDOWS\SYSTEM32\prqss.ini2 C:\WINDOWS\SYSTEM32\ssqrp.dll Attempting to delete C:\WINDOWS\system32\ssqrp.dll C:\WINDOWS\system32\ssqrp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\prqss.ini C:\WINDOWS\system32\prqss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\prqss.bak1 C:\WINDOWS\system32\prqss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\prqss.bak2 C:\WINDOWS\system32\prqss.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\prqss.ini2 C:\WINDOWS\system32\prqss.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\prqss.tmp C:\WINDOWS\system32\prqss.tmp Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.6 Checking Java version... Java version is 1.4.2.3 Java version is 1.5.0.3 Scan started at 10:44:55 AM 10/1/2006 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\ddaby.dll C:\WINDOWS\SYSTEM32\ybadd.ini C:\WINDOWS\SYSTEM32\ybadd.bak1 C:\WINDOWS\SYSTEM32\ybadd.bak2 C:\WINDOWS\SYSTEM32\ybadd.tmp C:\WINDOWS\SYSTEM32\urqrpol.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\ddaby.dll C:\WINDOWS\SYSTEM32\ddaby.dll Could not be deleted. Attempting to delete C:\WINDOWS\SYSTEM32\ybadd.ini C:\WINDOWS\SYSTEM32\ybadd.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ybadd.bak1 C:\WINDOWS\SYSTEM32\ybadd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ybadd.bak2 C:\WINDOWS\SYSTEM32\ybadd.bak2 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\urqrpol.dll C:\WINDOWS\SYSTEM32\urqrpol.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.6 Checking Java version... Java version is 1.4.2.3 Java version is 1.5.0.3 Scan started at 10:48:48 AM 10/1/2006 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\ddaby.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\ddaby.dll C:\WINDOWS\SYSTEM32\ddaby.dll Has been deleted! Performing Repairs to the registry. Done! and the hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 10:55:23 AM, on 10/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\WINDOWS\system32\LEXBCES[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\WINDOWS\system32\LEXPPS[Caution: Executable File] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa[Caution: Executable File] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File] C:\Program Files\D-Tools\daemon[Caution: Executable File] C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4[Caution: Executable File] C:\WINDOWS\system32\wuauclt[Caution: Executable File] C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File] C:\Program Files\hijackthis\Scan[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fvwfqydo.dll (file missing) O2 - BHO: (no name) - {F4B71768-1E50-4823-8604-A77E13F1D913} - C:\WINDOWS\system32\ddaby.dll (file missing) O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3[Caution: Executable File] O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback[Caution: Executable File] /dump:os_startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon[Caution: Executable File]" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: Executable File] -autorun O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File] O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4608363812 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File]" "WUSB54Gv4[Caution: Executable File] (file missing) hope this helps Link to comment Share on other sites More sharing options...
coltm4carbine Posted October 2, 2006 Share Posted October 2, 2006 I suggest you save this reply in notepad so you know what to fix... Close all open windows except HiJackthis. RE-open scan[Caution: Executable File] and fix the following: R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fvwfqydo.dll (file missing) O2 - BHO: (no name) - {F4B71768-1E50-4823-8604-A77E13F1D913} - C:\WINDOWS\system32\ddaby.dll (file missing) O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.co.....in9USA.cab O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing) Reboot and post a new HJT log in your next post + how things are going right now. [any more pop-ups etc] Link to comment Share on other sites More sharing options...
tdao91 Posted October 3, 2006 Author Share Posted October 3, 2006 I suggest you save this reply in notepad so you know what to fix... Close all open windows except HiJackthis. RE-open scan.e3e (CAUTION - executable file) and fix the following: R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fvwfqydo.dll (file missing) O2 - BHO: (no name) - {F4B71768-1E50-4823-8604-A77E13F1D913} - C:\WINDOWS\system32\ddaby.dll (file missing) O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.co.....in9USA.cab O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing) Reboot and post a new HJT log in your next post + how things are going right now. [any more pop-ups etc] Well, after using VundoFix I didn't see that pop-up anymore, seems like everyhting's normal again. Here's another HJT log: Logfile of HijackThis v1.99.1 Scan saved at 5:08:04 PM, on 10/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] C:\WINDOWS\system32\LEXBCES[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\WINDOWS\system32\LEXPPS[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4[Caution: Executable File] C:\WINDOWS\system32\wuauclt[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File] C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] C:\WINDOWS\system32\hkcmd[Caution: Executable File] C:\WINDOWS\system32\igfxpers[Caution: Executable File] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File] C:\Program Files\D-Tools\daemon[Caution: Executable File] C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa[Caution: Executable File] C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File] C:\Program Files\hijackthis\Scan[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp[Caution: Executable File] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched[Caution: Executable File] O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher[Caution: Executable File]" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl[Caution: Executable File] O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3[Caution: Executable File] O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray[Caution: Executable File] O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd[Caution: Executable File] O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers[Caution: Executable File] O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: Executable File] /STARTUP O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback[Caution: Executable File] /dump:os_startup O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: Executable File]" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon[Caution: Executable File]" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm[Caution: Executable File] -autorun O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv[Caution: Executable File] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File] O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4608363812 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: Executable File] O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: Executable File] O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: Executable File] O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File] O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc[Caution: Executable File] O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: Executable File] O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService[Caution: Executable File]" "WUSB54Gv4[Caution: Executable File] (file missing) Link to comment Share on other sites More sharing options...
coltm4carbine Posted October 3, 2006 Share Posted October 3, 2006 looks good to me, Just one more thing: Updating Java and Clearing Cache [*:7dfj6y8p]Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. [*:7dfj6y8p]It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot. [*:7dfj6y8p]If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp [*:7dfj6y8p]After the reboot, go back into the Control Panel and double-click the Java Icon. [*:7dfj6y8p]Under Temporary Internet Files, click the Delete Files button. [*:7dfj6y8p]There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files [*:7dfj6y8p]Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. [*:7dfj6y8p]Click OK to leave the Java Control Panel. When you've done that you should be clean. Download Ad-aware and Spybot s&D and run those to clean up anything I have missed Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now