pudgmo

Members
  • Content Count

    10
  • Joined

  • Last visited

About pudgmo

  • Rank
    Member
  1. Thanks sarahw! all looks good. Thanks for he links too.
  2. The computer seems to be running fine now, Thanks! ComboFix 07-12-21.4 - Owner 2007-12-29 6:44:45.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -6:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\QTFont.for C:\WINDOWS\QTFont.qfn . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\sj404to C:\sj404to\hpcd.sjp C:\sj404to\setup.exe C:\sj404to\usdsloc.dl
  3. That did it... ComboFix 07-12-21.4 - Owner 2007-12-27 18:53:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.474 [GMT -6:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-20 17:24 . 2007-12-20 17:24 <DIR> d-------- C:\Deckard 2007-12-18 07:05 . 2007-12-18 07:06 <DIR
  4. It say's combofix.exe is not a valid win32 application.
  5. Hi, Sorry it took so long. I'm showing hidden and system files... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:15:01 AM, on 12/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WIN
  6. Main.txt: Deckard's System Scanner v20071014.68 Run by Owner on 2007-12-20 17:25:07 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 67: 2007-12-20 23:25:11 UTC - RP103 - Deckard's System Scanner Restore Point 66: 2007-12-20 16:19:21 UTC - RP102 - System Checkpoint 65: 2007-12-19 15:19:22 UTC - RP101 - System Checkpoint 64: 2007-12-18 14:41:51 UTC - RP100 - System
  7. Thanks! I followed the steps, it didn't ask to replace wininet.dll, it did launch disk cleanup 2X's??? Also it did remove my desktop background. here are the results from rapport.txt... SmitFraudFix v2.269 Scan done at 7:05:46.31, Tue 12/18/2007 Run from C:\Documents and Settings\Owner\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskSchedul
  8. Thanks, I ran HostsXpert with all the steps. Same result with smitfraudfix. I also tried it with firefox. Edit: I shutdown zone alarm and got smitfraudfix, here's the log. SmitFraudFix v2.269 Scan done at 12:50:19.92, Sun 12/16/2007 Run from C:\Program Files\Mozilla Firefox\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\At
  9. Thanks for helping MoNsTeR! When I click on... http://siri.urz.free.fr/Fix/SmitfraudFix.exe I get 'Internet explorer cannot display webpage.' I tried http://siri.urz.free.fr and clicked on smitfraudfix, same result. Edit: BTW it has also hijaked my homepage to http://iesecurepages.com/redirect.php Edit II: I ran ms malicious software removal tool from http://www.microsoft.com/security/malwareremove/default.mspx That seems to have gotten rid of the messages (and the hijack). I re ran hjt, here's the log Regards Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:03:16 AM, on 12/16/2007 Pla
  10. Hi, I'm getting messages about having spyware when I start ie. the first one is a message box telling me I have W32.Myzor.FK@yf and wanting me to buyt he removal tool. then I get a ballon saying it found Trojan-Spy.Win32@mx and wanting me to buy he removal tool, Help! Thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:36:14 PM, on 12/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\