• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Cinn

Removed WToolsA virus, still having problems

8 posts in this topic

I am having problems with IE opening up popup windows when I am connected to the internet even when I am not using that browser (I am using Mozilla right now). I looked at my task manager and Wtoolsa, wsup, and adusermon were running. I deleted them following the instructions in this thread:

http://forums.spywareinfo.com/index.php?showtopic=14484

 

I ran Spybot and Adaware. Adaware keeps finding some files that it can't delete (even when I reboot and rerun it as directed). The files are C:/windows/system/sarapi.dll and C:/windows/system/wdock32.dll When I search for sarapi and try to delete it, it says it is in use by the computer and cannot be deleted (even in safe mode).

 

I downloaded hijackthis, but I have no idea what I am looking at there. Here is my log from hijackthis (after running Spybot and Adaware):

 

Logfile of HijackThis v1.97.7

Scan saved at 9:54:29 AM, on 7/26/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.prodigy.net;enroll.prodigy.net;enroll-isp.prodigy.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa

R3 - Default URLSearchHook is missing

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)

O9 - Extra 'Tools' menuitem: PopThis! Options... (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7920.7827777778

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

I hope I have followed all of the instructions in the FAQ correctly regarding posting. Thanks in advance for any assistance you can offer.

 

Cinn

Share this post


Link to post
Share on other sites

You need to update your Internet Explorer to IE 6. Using an out of date browser is a big security risk.

 

Download Lspfix. Disconnect from the internet, and close all browser windows.

Unzip and run it. Click the "I know what I'm doing" button. Check all instances of lspak.dll (and nothing else), move them to the "Remove" pane and click Finish.

 

Move Hijackthis off your desktop (extract from zip)into a permanent folder. Example:

c:\program files\hijackthis\hijackthis.exe

 

This will allow backups to be made and saved By hijackthis in case something goes wrong.

 

Place a check next to the following entries, then close all open windows except hijackthis and click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa

R3 - Default URLSearchHook is missing

Then reboot.

 

Download VX2 finder

http://downloads.subratam.org/VX2Finder9x(126).exe

 

Open VX2 finder

Click the find vx2 button

then click the make log button.

 

Post the log along with a fresh hijackthis log.

Share this post


Link to post
Share on other sites

Thanks, Racktracker.

 

I've followed the steps that you outlined (I did not update to IE 6 yet, but I will do so.)

 

Here are the logs you requested:

 

Log for VX2.BetterInternet File Finder (ver126)

 

Files Found---

C:\WINDOWS\SYSTEM\InSETUP.DLL

C:\WINDOWS\SYSTEM\NuSWAN16.DLL

C:\WINDOWS\SYSTEM\SaRAPI.DLL

C:\WINDOWS\SYSTEM\SkRAPI.DLL

 

 

User Agent String---

{05EE7061-D680-11D8-836B-444553540000}

 

 

Logfile of HijackThis v1.98.0

Scan saved at 9:36:08 PM, on 7/26/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\MY DAILY HOROSCOPE\MYDAILYHOROSCOPE.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\CONNECTIONMANAGER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\NOTEPAD.EXE

C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\MATHIES.COM\POPTHIS!\POPTHIS.DLL

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\MATHIES.COM\POPTHIS!\POPTHIS.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

Share this post


Link to post
Share on other sites

Open Lspfix again. Disconnect from the internet, and close all browser windows.

Unzip and run it. Click the "I know what I'm doing" button. Check all instances of cdlsp.dll (and nothing else), move them to the "Remove" pane and click Finish.

Close lsp fix.

 

Run VX2Finder9x.exe again.

Click the "Click to find VX2 BetterInternet Button

Select all those files then click Delete files.

Then cick "User Agent$" which will restore the proper one.

Then "Restore Desktop" (Dont be alarmed. The desktop will disapear then reappear again.)

Next click "Import Reg"

Close VX2 finder.

 

Open Adaware.

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys.

Right-click in that pane and choose "select all"

Now press "Next" again.

It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.

 

Then run another hijackthis scan and post your new log here.

Share this post


Link to post
Share on other sites

Thanks again, Racktracker.

 

Here's the new log:

 

Logfile of HijackThis v1.98.0

Scan saved at 1:29:27 AM, on 7/27/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSGLOOP.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\MSG32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcy/default...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcy/default.../search/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080;http=proxy.prodigy.net:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.prodigy.net;enroll.prodigy.net;enroll-isp.prodigy.net

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL

O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\MATHIES.COM\POPTHIS!\POPTHIS.DLL

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\MATHIES.COM\POPTHIS!\POPTHIS.DLL

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

Share this post


Link to post
Share on other sites

Very good, your hijackthis log looks good.

Run vx2 finder again and have it make a log. If the log doesn't have any entries then all is well, if there are any entries then post it and I'll have a look at it.

 

Other than that, don't forget to update your Internet Explorer and everything should be good.

 

You should read this to help prevent future problems.

 

So how did I get infected

Share this post


Link to post
Share on other sites

I ran vx2 finder again, and it came up clean. I am popup free and extremely grateful for the help I've received in this thread, Racktracker. Y'all are the best! I will definitely upgrade my IE and check out that link. These problems have shown me that I need to be much more diligent in my computer security precautions. My only concern now is that when I tried to run defrag overnight last night, it was only 1% complete when I woke up in the morning. A friend suggested that I try to run it in safe mode instead. I am going to try that tonight.

 

Thank you, thank you, thank you!

Share this post


Link to post
Share on other sites

If you haven't defraged your hard drive in some time it may take a while to complete. Try running disk cleanup first and delete all your temp and temp internet files, that will lighten the load.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0