Kitemare
asked on
HiJack this log
I have been wrestling with a PC that has spyware/malware infections. I have used the latest Spybot, 1.6.0, adaware 2008, combo fix, smitfraud fix, Stinger. The issues started when the user noticed wierd web sites poping up about "deal or no deal" and other gems. Imediatly I noticed that Malware protector 2008 and XP protector had been installed. I removed these manually. I also noticed that the security center icon was missing from control panel and automatic updates services will no longer start rendering windows updates iuseless. I manages to get rid of the programs and combo fix appeared to clean up some of the mess. I loaded sp3 (was on sp2).
I thought I was making headway however it appears I have not gotten rif of the unsolicited IE windows that keep popping up iwth great offers ! and the automatic updates service still refuses to start.
I am at my wits end and am now running hijack this for the first time ever as I really dont want to have to reload tis PC if I can help it.
Here is the log, can somebody please check it out and let me know if they have any ideas.
Thanks in advance
Jamie
************************** ********** ********** ********** ********** **********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52, on 2008-07-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aa wservice.e xe
C:\WINDOWS\system32\spools v.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\LogMeIn\x86\RaMaint. exe
C:\WINDOWS\system32\CAP3RS K.EXE
C:\Program Files\LogMeIn\x86\LogMeIn. exe
C:\Program Files\LogMeIn\x86\LMIGuard ian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm 12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EX E
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\FSRrem oS.EXE
C:\WINDOWS\system32\igfxtr ay.exe
C:\WINDOWS\system32\hkcmd. exe
C:\WINDOWS\system32\igfxpe rs.exe
C:\WINDOWS\System32\DLA\DL ACTRLW.EXE
C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe
C:\Program Files\Picasa2\PicasaMediaD etector.ex e
C:\Program Files\Java\jre1.6.0_05\bin \jusched.e xe
C:\WINDOWS\system32\svchos t.exe
C:\Program Files\LogMeIn\x86\LogMeInS ystray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy. exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTra y.exe
C:\Program Files\LogMeIn\x86\LMIGuard ian.exe
C:\WINDOWS\system32\rundll 32.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Google\GoogleToolbar Notifier\G oogleToolb arNotifier .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spool\ drivers\w3 2x86\3\CAP 3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\ DRIVERS\W3 2X86\3\CAP 3SWK.EXE
C:\Program Files\Logitech\SetPoint\Se tPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALM NPR.EXE
C:\Program Files\Java\jre1.6.0_05\bin \jucheck.e xe
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0 09027A5CD4 F} - c:\program files\google\googletoolbar 2.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtr ay.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd. exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpe rs.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL ACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTA L~1\UPDATE ~1\ISUSPM. exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\Update Service\is sch.exe" -start
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaD etector.ex e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin \jusched.e xe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\ drivers\w3 2x86\3\CAP 3ONN.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInS ystray.exe "
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dump rep 0 -u
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy. exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTra y.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [c4e49964] rundll32.exe "C:\WINDOWS\system32\frqgd cgx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar Notifier\G oogleToolb arNotifier .exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\ drivers\w3 2x86\3\CAP 3LAK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\Se tPoint.exe
O4 - Global Startup: Sync.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \OFFICE11\ EXCEL.EXE/ 3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_05\bin \ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_05\bin \ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} - C:\PROGRA~1\MICROS~2\OFFIC E11\REFIEB AR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-5 8CAB36FD2A 2} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-5 8CAB36FD2A 2} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O15 - Trusted IP range: http://192.168.0.40
O16 - DPF: {1239CC52-59EF-4DFA-8C61-9 0FFA846DF7 E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4AFA7A89-8B3F-4096-A7A5-F 8D997AABA8 2} (DSDKPACK Control) - http://192.168.0.40/cab/sdkinstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-F CFDF33E833 C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209596309993
O16 - DPF: {C90F2ABA-5734-4CE3-B1CC-3 0D5C2D0FA8 B} (Project1.ptzslidernew) - http://192.168.0.40/cab/newslider.cab
O17 - HKLM\System\CCS\Services\T cpip\Param eters: Domain = henrybucks.local
O17 - HKLM\Software\..\Telephony : DomainName = henrybucks.local
O17 - HKLM\System\CS1\Services\T cpip\Param eters: Domain = henrybucks.local
O17 - HKLM\System\CS2\Services\T cpip\Param eters: Domain = henrybucks.local
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aa wservice.e xe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServi ce.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \1050\Inte l 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\L BTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU P~1\LUCOMS ~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint. exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn. exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm 12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 8876 bytes
I thought I was making headway however it appears I have not gotten rif of the unsolicited IE windows that keep popping up iwth great offers ! and the automatic updates service still refuses to start.
I am at my wits end and am now running hijack this for the first time ever as I really dont want to have to reload tis PC if I can help it.
Here is the log, can somebody please check it out and let me know if they have any ideas.
Thanks in advance
Jamie
**************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52, on 2008-07-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aa
C:\WINDOWS\system32\spools
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchos
C:\Program Files\LogMeIn\x86\RaMaint.
C:\WINDOWS\system32\CAP3RS
C:\Program Files\LogMeIn\x86\LogMeIn.
C:\Program Files\LogMeIn\x86\LMIGuard
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EX
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\FSRrem
C:\WINDOWS\system32\igfxtr
C:\WINDOWS\system32\hkcmd.
C:\WINDOWS\system32\igfxpe
C:\WINDOWS\System32\DLA\DL
C:\Program Files\Common Files\InstallShield\Update
C:\Program Files\Picasa2\PicasaMediaD
C:\Program Files\Java\jre1.6.0_05\bin
C:\WINDOWS\system32\svchos
C:\Program Files\LogMeIn\x86\LogMeInS
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTra
C:\Program Files\LogMeIn\x86\LMIGuard
C:\WINDOWS\system32\rundll
C:\WINDOWS\system32\ctfmon
C:\Program Files\Google\GoogleToolbar
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spool\
C:\WINDOWS\SYSTEM32\SPOOL\
C:\Program Files\Logitech\SetPoint\Se
C:\Program Files\Common Files\Logishrd\KHAL2\KHALM
C:\Program Files\Java\jre1.6.0_05\bin
C:\Program Files\Trend Micro\HijackThis\HijackThi
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTA
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaD
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe"
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInS
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dump
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTra
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [c4e49964] rundll32.exe "C:\WINDOWS\system32\frqgd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\Se
O4 - Global Startup: Sync.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-5
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-5
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O15 - Trusted IP range: http://192.168.0.40
O16 - DPF: {1239CC52-59EF-4DFA-8C61-9
O16 - DPF: {4AFA7A89-8B3F-4096-A7A5-F
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {C90F2ABA-5734-4CE3-B1CC-3
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aa
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\L
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 8876 bytes
ASKER
Combo log attached, many thanks for your interest..!
log.txt
log.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran the comfix as suggested, one thing I hadn`t mentioned was thet the the MS MRT was not running, it would initialise and then just stop running and the temp folder was deleted. After runing your script and then combo fix again. It appeared to do the trick. I could then run MS MRT which also found 1 item which I removed. After this the web sites no longer pop up. Also I was able to run Windows update (Auto updates service now running). So as we say in Australia "you're a ledgend". Many thanks
Glad to know that the issue is resolved.
Thanks for the compliment, very much appreciated, :)
Now that combofix has done its job you can then uninstall it.
Uninstalling it will delete its folder/files and its backup.
It will also reset your System Restore.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Thanks for the compliment, very much appreciated, :)
Now that combofix has done its job you can then uninstall it.
Uninstalling it will delete its folder/files and its backup.
It will also reset your System Restore.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
ASKER
Thanks will do..
ASKER
Have I awarded the points correctly? I havn't done this before.
It appears that this thread is still open.
It's okay, just click on the "Accept as Solution" button in any of the comments that solved or lead to the solution.
Thanks!
It's okay, just click on the "Accept as Solution" button in any of the comments that solved or lead to the solution.
Thanks!
Thanks!
Well done, you have closed the question and awarded the points.
Thank you for using Experts-Exchange!
Well done, you have closed the question and awarded the points.
Thank you for using Experts-Exchange!
Can you please attach the combofix log.