Results 1 to 20 of 20

Thread: now my sg posts are missing

  1. #1
    Advanced Slacker slacker361's Avatar
    Join Date
    Feb 2002
    Posts
    359

    now my sg posts are missing

    last night i posted about being hagged, and yeoldstonecat replied to me, thanks bud, i did everything that you said to do, the problem is that it is the wdmaud.sys that is redirecting my browser firefox. and I cannot get rid of it, any ideas how to get rid of the wdmaud.sys as it keeps comming back after i delete it

    thanks guys
    this equipment list isnt current please ignore MSI kt7 133amobo,AMD Athalon 1Ghz g3Ti200 Pro td 128, 1gig pc133, 2 40gig hd, wireless network,dlink,HP Photsmart 7150,Kodak easyshare ls433 camera,Dazzle dvd creation station 200...... windows XP sp1+more to follow

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,877
    Yeah the old server starting having massive issues....I guess it knew it was being replaced very soon, and it got jealous and decided to jump off the cliff before Philip was done (was going to be more slowly phased over in the next couple of weeks)...so Philip had to rush things last night. The new server was being tested with some databases that were a day or two old...he was going to attempt to bring the current database over from the old server last night...but apparently it didn't make it. He might give it one more try...so this most might disappear and last nights thread may come back.

    Anyways, I had gone back and edited my post with several more tools...so which tools did you actually run?
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,877
    Just to ad, wdmaud.sys is a legitimate Windows system file related to sound, and the normal one will live at C:\Windows\system32\drivers\

    There's a browser redirect trojan that copies that name, and it will be installed into C:\Windows\system32\

    So you may want to bounce into safe mode, delete the one you find in system32, and ensure the legit one still lives in system32\drivers
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  4. #4
    Advanced Slacker slacker361's Avatar
    Join Date
    Feb 2002
    Posts
    359
    Well if the driver wdmaud is a good one. Then that isn't my problem I have some sort of browser highjack going on and all the suggestions haven't fixed it
    this equipment list isnt current please ignore MSI kt7 133amobo,AMD Athalon 1Ghz g3Ti200 Pro td 128, 1gig pc133, 2 40gig hd, wireless network,dlink,HP Photsmart 7150,Kodak easyshare ls433 camera,Dazzle dvd creation station 200...... windows XP sp1+more to follow

  5. #5
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    Run a Hijack this report and post it.

    http://free.antivirus.com/hijackthis/
    Success is a lousy teacher. It seduces people into thinking they can't lose. -Bill Gates

  6. #6
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,877
    Did you find which file it is? Read my 2nd sentence in the prior post about a common browser redirect trojan that mimics that legit file..but it's installed in a different directory.

    And to be able to futher help...which tools did you run last night? Remembering that I edited my post and added a few more tools..so I don't know which version of the post you read last night and tried.

    When you download and install the removal tools...are they able to successfully update their databases? NEED TO ensure that...often you can download a removal tool, but the infection blocks you from updating them, so they'll scan with like...ancient 6 months old definitions which may be useless. Need to ensure they get updated, there are often manual update tools avail for some tools to ensure this.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  7. #7
    Advanced Slacker slacker361's Avatar
    Join Date
    Feb 2002
    Posts
    359
    well i ran all that you told me too unfortunately i dont remember all of them, they all seemed to update ok. some were the spybot sd cc cleaner the norton cleaner, and i cant remember all the others you had me do but i did them all.

    here is the hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:31:16 AM, on 6/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\System Control Manager\MSIService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tracey Sherman\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ArcURLRecord.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International
    O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    this equipment list isnt current please ignore MSI kt7 133amobo,AMD Athalon 1Ghz g3Ti200 Pro td 128, 1gig pc133, 2 40gig hd, wireless network,dlink,HP Photsmart 7150,Kodak easyshare ls433 camera,Dazzle dvd creation station 200...... windows XP sp1+more to follow

  8. #8
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,877
    I remember some steps...
    Disable system restore (most likely your infected files were backed up the last time you rebooted, and if you spend alllll this time to clean your rig without turning off system restore, the next time you reboot...often malware will reinfect your system because it crawls out of system restore and bites your system again..so you just wasted all your time)
    Run CCleaner
    Update all malware cleaning programs
    Run MalwareBytes
    Run Spybot S&D (I see you have that)
    Run SuperAntiSpyware
    Eset Rogue AV Remover
    http://kb.eset.com/esetkb/index?page...nt&id=SOLN2372
    Sophos Rootkit Remover
    http://www.sophos.com/products/free-...i-rootkit.html
    Norton Power Eraser
    http://security.symantec.com/nbrt/npe.asp
    A TCP/Winsock repair utility

    And..McAfee is..yuck. Bogs down your system and cant find its way out of a paper bag. Practically all malware slips past that program. Get a GOOD AV program on there..there are several very good free ones, Microsoft Security Essentials, or Avast, or AntiVir, or Panda Cloud.

    If your system is almost unworkable....cannot run apps because system shell extensions are tanked or the rogue changed security values preventing you from running things like regedit or taskman, there are tools like Symantecs UnhookExec.inf and FixWin

    You need to find out if the wdm...sys file you have is the legit one..or the illegit one (mentioned in prior post..). It's all just guesswork until that answer is found.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  9. #9
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    First is to run through your add/remove programs list and trash anything that looks like junk (just helps to clean the comp up) I remove all toolbars I find as I've seen some of the vundo variants attach to them for some reason. You can always install them again later so don't worry about it.

    2nd thing is to TURN OFF System Restore!!!

    3rd go to Start,Run, and type in msconfig and uncheck anything that looks funny from the Startup Tab including IM's for the time being as you will want to restart the computer fast and keep the variants from starting as well.

    Load CCleaner (no need to install this, its portable!) and select everything to clean! - http://www.majorgeeks.com/CCleaner_Portable_d5735.html
    Load/update Avast Home - http://www.avast.com
    Load/update superantispyware - http://www.superantispyware.com
    Load/update Malwarebytes - MalwareBytes
    Load/update spybot Search & Destroy 1.6 - spybot
    Download - msautoruns ms Autoruns

    Boot into safemode and set Avast for a bootscan upon restart- preselect it to delete anything it finds etc but don't reboot the computer.

    Run ccleaner to remove all junk and crap from your temp files etc.. you will still need to set hidden files/folders to show up in the folder options and browse to your Local folder within your user account and select all files in Temp and temp internet files folder and delete EVERYTHING!

    Next run superantispyware full scan..if it finds major things mostly whats found in memory it will require reboot..thats fine reboot and then let avast run its scan and boot into windows normally.

    Run MalwareBytes and remove whatever it finds.

    Next run msautoruns and again check for anything odd usually not showing a publisher or a looks like this "jaleiwa.exe" etc you get the idea. Just right click on them and delete thats it. Close auto runs and then run spybot to finish up that last ditch scan clean up using it.

    Run ccleaner once more then reboot and see where you stand after this point. Keep in mind this may take at least 4hours to complete but it should remove everything if you've done it right!

    Good Luck!

  10. #10
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    Follow Cats advice and then if the problems persist, have HJT remove these and reboot, clear out system restore and Windows Prefetch folder.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

    If you don't recognize this address, remove this entry also:

    O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw

    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    Success is a lousy teacher. It seduces people into thinking they can't lose. -Bill Gates

  11. #11
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,784
    hijack this is on version 2.04, btw.

  12. #12
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,784
    I recommend this too:

    http://www.eset.com/online-scanner

  13. #13
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,784
    Anyone use spyware doctor? http://www.pctools.com/spyware-doctor/

  14. #14
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,784
    Dr. Web Cure-IT

  15. #15
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote Originally Posted by CableDude View Post
    Anyone use spyware doctor? http://www.pctools.com/spyware-doctor/

  16. #16
    Advanced Slacker slacker361's Avatar
    Join Date
    Feb 2002
    Posts
    359

    Update

    ok guys i have run everything known to man to get rid of this and it still is running. it is the top two returns from a google search that redirects to another website when you select it? ANY IDEAS?
    this equipment list isnt current please ignore MSI kt7 133amobo,AMD Athalon 1Ghz g3Ti200 Pro td 128, 1gig pc133, 2 40gig hd, wireless network,dlink,HP Photsmart 7150,Kodak easyshare ls433 camera,Dazzle dvd creation station 200...... windows XP sp1+more to follow

  17. #17
    Certified SG Addict CableDude's Avatar
    Join Date
    Jun 2001
    Posts
    26,784
    Quote Originally Posted by Sava700 View Post

  18. #18
    resident Humboldt's Avatar
    Join Date
    Oct 2000
    Location
    Northern CA
    Posts
    27,788
    Tried scanning it from another healthy system as a data drive?

  19. #19
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    Quote Originally Posted by slacker361 View Post
    ok guys i have run everything known to man to get rid of this and it still is running. it is the top two returns from a google search that redirects to another website when you select it? ANY IDEAS?
    Back up data and format, the time your wasting trying to fix it is killing you and you may also be causing more harm than good.

  20. #20
    Advanced Slacker slacker361's Avatar
    Join Date
    Feb 2002
    Posts
    359
    ok i think i got it fixed , i used the commy.exe to scan and fix the puter. combofix.exe and i had an infected file and two other files that needed deleted.


    c:\windows\system32\FD.dll
    c:\windows\system32\logs

    Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
    Restored copy from - Kitty had a snack


    I post this in case anyone else has the problem and so we all can learn from my stupid mistake
    this equipment list isnt current please ignore MSI kt7 133amobo,AMD Athalon 1Ghz g3Ti200 Pro td 128, 1gig pc133, 2 40gig hd, wireless network,dlink,HP Photsmart 7150,Kodak easyshare ls433 camera,Dazzle dvd creation station 200...... windows XP sp1+more to follow

Similar Threads

  1. Windows 7 Connection Drop
    By 4ng3lux in forum Broadband Tweaks Help
    Replies: 3
    Last Post: 03-10-10, 09:15 PM
  2. hijackthis gurus (log posted)
    By Faust in forum Network Security
    Replies: 6
    Last Post: 08-21-09, 01:11 PM
  3. vista 64 slow upload - help
    By wickedweasel in forum Broadband Tweaks Help
    Replies: 13
    Last Post: 07-15-09, 09:35 PM
  4. Yet another slow connection thread...
    By ToastMan in forum Broadband Tweaks Help
    Replies: 17
    Last Post: 05-20-09, 07:56 PM
  5. TCPOptimizer settings for 8000/384 ADSL
    By Nova Phoenix in forum Broadband Tweaks Help
    Replies: 21
    Last Post: 07-29-08, 10:48 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •