jwbirdsong

Trusted Helpers
  • Content Count

    262

Everything posted by jwbirdsong

  1. Download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of
  2. Which P2P did you D/L then uninstall?? Fasoo?? You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browse
  3. I wouldn't have been THAT patient......hee hee But I also REALLY would like to see log from a scan... would you be willing to try ONE more?? Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  4. Would you upload another file or two for me plz to the same link as before C:\XP\system32\71430B71.exe C:\xqsjepbn.bat They are probably or something we have done in the last couple days or so.......or if YOU know what they are no need to upload. Updating Java and Clearing Cache Go to Start > Control Panel double-click on the Software icon > Add/Remove Programs. Search in the list for all previous installed versions of Java. (J2RE Runtime Environment.... ) It should have next icon next to it: Select it and click Remove. Now please install the Java Runtime Environment (JRE) 6.0 Update 1
  5. K Copy the following to a new notepad file and save to your desktop as "fix.reg". Make sure to INCLUDE the quotes as you are naming the file in Notepad. If done correctly it will have an icon like . Now right click fix.reg and choose Merge it should ask for confirmation then give a success msg. You MUST be connected to the internet for the next part 1. Download - rustbfix.exe from HERE ...and save it to your desktop. 2. Double click on rustbfix.exe to run the tool. 1. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will
  6. You been (at least) a half a step ahead of me the whole way....Process Explorer (the one from SysInternals ??) was my next recommendation to you. All of your scans look good w/ possibly one exception. I'd like you to upload one file for me to look at please. Please go here to upload a suspicious file for analysis. Enter your username from this forum Copy and paste the link to this thread Browse for this filename: C:\XP\system32\DRIVERS\EXPORTIT.SYS In the comments, please mention that I asked you to upload this file Click on Send File The ONLY other references I find to it are a Kodak fil
  7. Kind of in reverse order. Host Intrusion Prevention like System Safety Monitor or Kaspersky's Proactive Defense Module Yep..one note on the 'usage speech' I included...each time you save one of the results you need to change name else it will overwrite previous result--it does NOT append. I see in my previous reply some how my link for Blacklight didn't get included. http://www.f-secure.com/exclude/blacklight/index.shtml Then follow instruction in last post. Just make sure to get the GRAPHIC and not the commandline version. It's QUITE possible that your high CPU usage is NOW due to the fact
  8. Sorry for the delay, lots going on. As you can well imagine logs are our one line into your computer so the more info I have the better armed I'll be... You said you ran the Rustock.b-fix.. Was it the -- By ejvindh?? Could you post that log also please. Download and Save Blacklight Beta (graphical user interface version) to your desktop. Double-click fsbl.exe then accept the agreement. click > scan then > next, You'll see a list of all items found. Don't choose for rename yet! I want to see the log first, because legit items can also be present there... like "wbemtest.exe" :!: There will
  9. Sir Siddy Having prob getting reply from friend or something??..should we keep this topic open a while longer??
  10. Let's look a little deeper Download Combofix to your desktop. Doubleclick combofix.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply
  11. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  12. Open HJT one final time and put a check mark next to O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot O4 - HKCU\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot Make ALL other programs and windows and click Fix Checked. At some time between now and till just after Reboot; Spybot's TeaTime is going to give you a warning about a change to the registry.....Make sure to ALLOW the change. Since you can't run your Kaspersky you DESPERATELY need a new AV program...There are 3 GREAT, FREE ones listed in my signature. You should go ahead and complet
  13. Glad to hear it....Well as the last log looked good as you seem to be satisfied with your computer now. we can about put this to rest..would you please post one final HJT log since you've uninstalled Spywarebot and it's been a few days since last one....just as a precaution.
  14. actually if you are still having popup probs...let's get a new one now.... What type of pops are you getting specifically....ads for cleaning type of products or just random...non-related type popups?? Any info you can give will help us track it down.. As a matter of fact to (sort of) answer your question in other thread...let's take a look at some loading points and other reg entries/files on your machine. Download Combofix to your desktop. Doubleclick combofix.exe Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finishe
  15. Good idea..several infections and a couple of unknowns.... Let's look at some files 1st please. Please go HERE to upload a suspicious file for analysis. Enter your username from this forum Copy and paste the link to this thread Browse for these filenames: C:\Program Files\Messenger\xuqacity.dll C:\Program Files\Movie Maker\tefojy.dll C:\Program Files\outlook\outlook.exe C:\WINDOWS\retadpu1000137.exe In the comments, please mention that I asked you to upload this file Click on Send File Download Combofix to your desktop. Doubleclick combofix.exe Follow the prompts. Don't click on the windo
  16. I have (in the past) upgraded skipping a version along the way. worked for me but prolly NOT the best method to use...I tend to agree with shanenin ..back up your /home/username and do a clean install then replace your home and you should be fine and lose no info that way.
  17. Log is actually looking really good, seems we may have done it with one fell swoop. I do have a couple of questions about 2 of the programs you show installed. WinVNC4 Did you install this?? If so that's fine I just remember it (or a version of it) used to be installed by some trojans for THEIR manipulation of the computer. If YOU installed it and it's used properly/securely it's a fine program. SpywareBot...Not a lot of info specifically on this but many reference as "program of dubious origin". It seems it and another program that this is/was based on were, IN THE PAST, listed as rogue/s
  18. Well it does seem you've picked up an infection or two. You should print this out or copy it to Notepad for reading while doing the fix since you may NOT have IE or any other browser open during the fix, else the fix won't work. Please go to C:\Documents and Settings\snookedoggydog\Mes documents\Computers\Computer safety\HJT\ and right click on HijackThis.exe and rename to something like HJT or whatever you choose. You also have Tea-Timer running, which is a wonderful program, but it also will block our fix so we'll need to temporarily disable it till you are clean. Please disable TeaTimer fo
  19. Yeah what they said... HAPPY BIRTHDAY
  20. I'm still looking into the user switching....Please post a current HJT log. Sounds like you have been reinfected again..... we'll see... Which folder? Along with the HJT log please post the following also. Please download Rootkit Revealer (link is at the very bottom of the page) Unzip it to your desktop. Open the rootkitrevealer folder and double-click rootkitrevealer.exe Click the Scan button (bottom right) It may take a while to scan (don't do anything while it's running) When it's done, go up to File > Save. Choose to save it to your desktop. Open rootkitrevealer.txt on your deskto
  21. Please download Look2Me-Destroyer to your desktop. Close all windows before continuing. Double-click Look2Me-Destroyer.exe to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Done removing infected
  22. First of all, you will need to print out this post and/or save a copy as a text file in Notepad; that way you have a hard copy of these instructions; you can not have IE/Firefox/any browser open during the fix. You've got a couple of different major infections so it may take a few steps to clean up..just follow the post as written without skipping any steps and we'll get through it just fine. Download Brute Force Uninstaller to your desktop Unzip it to a folder of its own (C:\BFU). BFU needs to be on your root. In most cases this is C:\ Help with unzipping files is HERE Right click on
  23. Well I don't see anything out of line there...I'll look a little deeper into the user switching issue..... In the mean time would you do me a favor? Create a NEW user..set to administrator and see if you can switch user with the NEW account.
  24. It MAY have to do with your running services, I'll take a look at those when you post again... Those are "saved" virusessessssess (virii) in your SystemRestore..we'll clean those out in one of your final steps. They are of NO consequence UNLESS you do a system restore. They can't be activated OR cleaned as they are now. Good choice in MY opinion. NO... WinXP sp2 has a built in firewall, which will protect you against things coming IN to your computer. A personal Firewall such as Zone Alarm...Kerio...Sygate etc will protect both incoming and OUTGOING connections. More on this issue HERE
  25. First of all, you will need to print out this post and/or save a copy as a text file in Notepad; that way you have a hard copy of these instructions; you can not have IE/Firefox/any browser open during the fix. Please stick with one thread. You are running two(or more) Anti-Virus programs..while one is a MUST have...running more than one is NEVER ACCEPTABLE. They will 'battle' for control of your system and resources; causing slowdown, errors and shut down. I see you have installed AVG7 since last post.....In my opinion this is a GREAT choice..it uses much less resources than McAfee. You need