Yep and pigs will fly.. I think you should try another firewall, so you didn't get those problems
First we discuss the FIX then we postulate over the prevention.. and ****ing firewalls DON'T block Adware...
To the problem:
HAVE YOU:
Enabled to view hidden and system files? (that is two settings)
Did you run Ad-Aware and Spybot, and in SAFE MODE?
Have you CLEARED ALL the TEMP folders.. that is Windows\TEMP, Doc&Setting\USERNAME\Localsettings\TEMP, Temp internet etc etc..?
You will note in the HJT log the prevalence of programs in the Startup\RUN where the files exist in the user temp folder.. AND THAT IS NOT A RED FLAG TO ANYONE?
and that is santa? come on guys RED FLAG RED FLAG
O4 - HKCU\..\Run: [Ogcidhc] C:\WINDOWS\system32\r?ndll.exe
try these tools IN SAFE MODE..
AdwareAway http://www.adwareaway.com/
CleanUp312 http://home.comcast.net/~sgould4567/.../download.html
Silent Runners.vbs (Attach the log from this baby to your post.. DON'T paste it in the thread)
getservice http://www.bleepingcomputer.com/files/getservice.php (Attach the log from this baby to your post.. DON'T paste it in the thread)
You will find yourself in Command mode (Don't call it DOS to my face) playing with the Attrib command, and manually deleting things..
Also.. I would consider running a quick scan for VX2 aka VX2finder http://tools.zerosrealm.com/VX2Finder.exe
Here is my red flag list:
O4 - HKLM\..\Run: [qt4tOm6] C:\documents and settings\molly\local settings\temp\qt4tOm6.exe
O4 - HKLM\..\Run: [PpnL] C:\documents and settings\molly\local settings\temp\PpnL.exe
O4 - HKLM\..\Run: [L] C:\documents and settings\molly\local settings\temp\L.exe
O4 - HKLM\..\Run: [esLcbM] C:\docume~1\molly\locals~1\temp\esLcbM.exe
O4 - HKLM\..\Run: [dqiwizho] C:\WINDOWS\System32\dqyknk.exe
O4 - HKLM\..\Run: [A3v] C:\documents and settings\molly\local settings\temp\A3v.exe
O4 - HKLM\..\Run: [4nj9mZq] C:\documents and settings\molly\local settings\temp\4nj9mZq.exe
O4 - HKLM\..\Run: [8pQFrT] C:\documents and settings\molly\local settings\temp\8pQFrT.exe
O4 - HKLM\..\Run: [5Fsi36e] atmlbmsg.exe
O4 - HKLM\..\Run: [p07kYOpv] c:\documents and settings\molly\local settings\temp\p07kYOpv.exe
O4 - HKLM\..\Run: [0gd0LDrut] C:\documents and settings\molly\local settings\temp\0gd0LDrut.exe
O4 - HKLM\..\Run: [tsvcin] C:\WINDOWS\system32\n20050308.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ipiprz.exe
O4 - HKCU\..\Run: [Ko3sRWK2e] urladdin.exe
O4 - HKCU\..\Run: [Ogcidhc] C:\WINDOWS\system32\r?ndll.exe
... Back to you




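The red flags called out in the post above (autostart entries that run from a temp folder, carry no path, or show a `?` in the file name) can be checked mechanically over a HijackThis log. The sketch below is an added example, not part of the original post: the function names are hypothetical, the three heuristics are an assumption drawn from the entries the poster highlights, and the sample mixes lines copied from the log above with one constructed benign entry.

```python
import re

# HijackThis "O4" lines list autostart entries: hive, key, value name, command.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def red_flags(command):
    """Return the reasons (possibly none) an autostart command looks suspicious."""
    cmd = command.strip().strip('"').lower()
    reasons = []
    # Long and short (8.3) forms of the user temp folder both contain \temp\.
    if "\\temp\\" in cmd:
        reasons.append("runs from a temp folder")
    # '?' is illegal in Windows file names: the log could not render a character.
    if "?" in cmd:
        reasons.append("unrenderable character in file name")
    # No directory at all: Windows resolves the name through its search path.
    if "\\" not in cmd:
        reasons.append("no path given")
    return reasons

def triage(log_text):
    """Return (hive, value_name, command, reasons) for every flagged O4 line."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autostart entry
        hive, _key, name, command = m.groups()
        reasons = red_flags(command)
        if reasons:
            flagged.append((hive, name, command, reasons))
    return flagged

# First four lines are from the log in this thread; the last one is constructed.
SAMPLE = r"""
O4 - HKLM\..\Run: [L] C:\documents and settings\molly\local settings\temp\L.exe
O4 - HKLM\..\Run: [esLcbM] C:\docume~1\molly\locals~1\temp\esLcbM.exe
O4 - HKLM\..\Run: [5Fsi36e] atmlbmsg.exe
O4 - HKCU\..\Run: [Ogcidhc] C:\WINDOWS\system32\r?ndll.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

if __name__ == "__main__":
    for hive, name, command, reasons in triage(SAMPLE):
        print(f"{hive} [{name}] {command} -> {', '.join(reasons)}")
```

These rules only cover location and naming; an entry such as a randomly named file sitting directly in system32 passes all three and still needs a manual look.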