Results 1 to 6 of 6
  1. #1
    Member chessy's Avatar
    Join Date
    Aug 2004
    Posts
    3
    Points
    0

    Default Help removing netspry

    I have been hijacked by netspry. I have downloaded hijack this and here is the log. Any help greatly appreciated!
    thanks
    chessy!

    Logfile of HijackThis v1.98.0
    Scan saved at 8:48:27 PM, on 8/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Nhksrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Netropa\OSD.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\documents and settings\mitch\local settings\temp\RKO.exe
    C:\documents and settings\kellen\local settings\temp\4F0GEOnmE.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\DownloadWizard\DownloadWizard.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MITCH\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://drvvv.com/ded/hp.htm
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\MITCH\Local Settings\Temp\ovq.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
    O4 - HKLM\..\Run: [RKO] C:\documents and settings\mitch\local settings\temp\RKO.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Bin9f.exe
    O4 - HKLM\..\Run: [4F0GEOnmE] C:\documents and settings\kellen\local settings\temp\4F0GEOnmE.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [5-1-61-4] c:\windows\5-1-61-4.exe -m
    O4 - HKCU\..\Run: [5-2-170-4] c:\windows\5-2-170-4.exe -m
    O4 - HKCU\..\Run: [5-1-26-14] c:\windows\5-1-26-14.exe -m
    O4 - HKCU\..\Run: [5-1-26-38] c:\windows\5-1-26-38.exe -m
    O4 - HKCU\..\Run: [5-1-48-2] c:\windows\5-1-48-2.exe -m
    O4 - HKCU\..\Run: [5-1-25-555] c:\windows\5-1-25-555.exe -m
    O4 - HKCU\..\Run: [5-2-100-79] c:\windows\5-2-100-79.exe -m
    O4 - HKCU\..\Run: [5-2-103-21] c:\windows\5-2-103-21.exe -m
    O4 - HKCU\..\Run: [5-2-100-137] c:\windows\5-2-100-137.exe -m
    O4 - HKCU\..\Run: [5-2-170-110] c:\program files\Webdialer\connect.exe -m
    O4 - HKCU\..\Run: [60-1-1-66] c:\program files\Webdialer\60-1-1-66.exe -m
    O4 - HKCU\..\Run: [5-2-170-97] c:\program files\Webdialer\connect.exe -m
    O4 - HKCU\..\Run: [60-1-1-194] c:\program files\Webdialer\60-1-1-194.exe -m
    O4 - HKCU\..\Run: [5-2-170-29] c:\program files\Webdialer\connect.exe -m
    O4 - HKCU\..\Run: [60-1-1-245] c:\program files\Webdialer\60-1-1-245.exe -m
    O4 - HKCU\..\Run: [60-1-1-335] c:\program files\Webdialer\60-1-1-335.exe -m
    O4 - HKCU\..\Run: [60-1-1-318] c:\program files\Webdialer\60-1-1-318.exe -m
    O4 - HKCU\..\Run: [60-1-1-2] c:\program files\Webdialer\60-1-1-2.exe -m
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: Download Mgr.lnk = C:\WINDOWS\DownloadWizard\DownloadWizard.exe
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: E_SPSU01.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SPSU01.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\MSOFFICE\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: (no name) - {01D630A1-E8C0-4E80-92EB-38633AF2779D} - (no file)
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
    O9 - Extra button: Microsoft® JavaScript® Console - {B6E0AA52-2564-414C-A804-6C9AED44EBEC} - C:\WINDOWS\SYSTEM32\COMDLG32.OCX
    O9 - Extra 'Tools' menuitem: JavaScript Console - {B6E0AA52-2564-414C-A804-6C9AED44EBEC} - C:\WINDOWS\SYSTEM32\COMDLG32.OCX
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
    O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://www.cedarfair.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-do...4.2.block2.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/co...rap/iegils.cab
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamhc.redhotnetworks.com/cabs/videox.cab
    O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs7.chat.yahoo.com/v43/yacscom.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.ea.com/downloads/games/co...y/iesnoopy.cab
    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://www.wildtangent.com/multiplay...mmp/wtinst.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_0.ocx
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/Shar.../bin/cabsa.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab28177.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0C5684F2-8D81-4CFF-B073-10074C6E1073}: NameServer = 216.221.96.2,216.221.96.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0C5684F2-8D81-4CFF-B073-10074C6E1073}: NameServer = 216.221.96.2,216.221.96.220
    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Read and follow all the directions given here:

    http://www.help2go.com/postt8026.html

    Post another log by using the reply button at the bottom of this page.

    Cheers

  3. #3
    Member chessy's Avatar
    Join Date
    Aug 2004
    Posts
    3
    Points
    0

    Default

    I followed all steps. 18 viruses found and disinfected. Mcafee didn't find them panda did. none found by housecall.
    lspfix found following:
    Keep
    mswsock.dll
    winmr.dll
    rspvsp.dll

    delete
    nothing
    no errors
    nothing renumbered or removed.

    rebooted still have netspry????
    Now what

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    First download and run THIS<<<< click here
    to remove the peper trojan from your computer ( Remain connected to the internet when you run this uninstall program)

    PLease do this next - go to C: and create a new permanent folder (call it hijackthis) ...Then put the hijackthis.exe file in it (You must unzip it if it's zipped)...... so you have C:\hijackthis\hijackthis.exe.....then run hijackthis by clicking this .exe file -that way you will have backups if you accidentally remove the wrong item ( running from a temporary folder (or the desktop) these backups can easily get lost) The First time you run hijackthis....click config and make sure the bottom 4 boxes are ticked (and NOT the top one)

    Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://drvvv.com/ded/hp.htm

    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\MITCH\Local Settings\Temp\ovq.dll

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - (no file)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [RKO] C:\documents and settings\mitch\local settings\temp\RKO.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Bin9f.exe
    O4 - HKLM\..\Run: [4F0GEOnmE] C:\documents and settings\kellen\local settings\temp\4F0GEOnmE.exe

    O4 - HKCU\..\Run: [5-1-61-4] c:\windows\5-1-61-4.exe -m
    O4 - HKCU\..\Run: [5-2-170-4] c:\windows\5-2-170-4.exe -m
    O4 - HKCU\..\Run: [5-1-26-14] c:\windows\5-1-26-14.exe -m
    O4 - HKCU\..\Run: [5-1-26-38] c:\windows\5-1-26-38.exe -m
    O4 - HKCU\..\Run: [5-1-48-2] c:\windows\5-1-48-2.exe -m
    O4 - HKCU\..\Run: [5-1-25-555] c:\windows\5-1-25-555.exe -m
    O4 - HKCU\..\Run: [5-2-100-79] c:\windows\5-2-100-79.exe -m
    O4 - HKCU\..\Run: [5-2-103-21] c:\windows\5-2-103-21.exe -m
    O4 - HKCU\..\Run: [5-2-100-137] c:\windows\5-2-100-137.exe -m
    O4 - HKCU\..\Run: [5-2-170-110] c:\program files\Webdialer\connect.exe -m
    O4 - HKCU\..\Run: [60-1-1-66] c:\program files\Webdialer\60-1-1-66.exe -m
    O4 - HKCU\..\Run: [5-2-170-97] c:\program files\Webdialer\connect.exe -m
    O4 - HKCU\..\Run: [60-1-1-194] c:\program files\Webdialer\60-1-1-194.exe -m
    O4 - HKCU\..\Run: [5-2-170-29] c:\program files\Webdialer\connect.exe -m
    O4 - HKCU\..\Run: [60-1-1-245] c:\program files\Webdialer\60-1-1-245.exe -m
    O4 - HKCU\..\Run: [60-1-1-335] c:\program files\Webdialer\60-1-1-335.exe -m
    O4 - HKCU\..\Run: [60-1-1-318] c:\program files\Webdialer\60-1-1-318.exe -m
    O4 - HKCU\..\Run: [60-1-1-2] c:\program files\Webdialer\60-1-1-2.exe -m

    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll


    And ALL the O16 entries except for the Microsoft and Macromedia ones............if any are required in the future, you will be prompted to re-download them.

    Then reboot into >>>safe mode<<< Click Here for instructions find and delete :-

    c:\program files\Webdialer .... folder

    .....The entire contents of the C:\documents and settings\kellen\local settings\temp folder ( Do NOT delete the folder itself)

    .....The entire contents of the C:\documents and settings\MITCH\local settings\temp folder ( Do NOT delete the folder itself)

    Let us know and post a new log

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member chessy's Avatar
    Join Date
    Aug 2004
    Posts
    3
    Points
    0

    Default all is well

    followed fix and all is well

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi chessy

    Please post a new log ... I'm concerned about all the entries for the premium rate dialler that were in your log ... I'd like to check it again to make sure you are clean.

    Did you manage to delete this :-

    c:\program files\Webdialer .... folder


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -