I saw where you wanted me to post the log file but I didn't know where. I
guess I overlooked that part when I was reading it. I'm not familiar with
AumHa. Is that a website? I saved the logfile so I can copy it wherever it
needs to go.
:
Hi cacdrc
Thank you for the additional information, it does help. You did right in
running all the programs and your AV in Safe Mode. That is the best method.
One more thing, did you create the HiJackThis log and post it in the AumHa
forum according to the instructions? I know that you can save it to the
folder on the desktop, and then post it on the forum after you return to
normal mode. If you have, please let me know under what name it is and when
so that I can check on it, I'd like to see what the experts say about the
log and what they find. If you haven't done so yet, please do so from Safe
Mode, save the log, and then copy and post the log to the AumHa site I
provided as soon as possible. It may be the key to getting a hold of the
hijacker. Although the file you mentioned is a legitimate file, it
could have been altered, and we need to know by what if possible. It and a
few others may need to be cleaned or deleted and replaced to clean the
system. The experts at AumHa can tell you what is needed to be done.
Thank you for your help and patience. It is sometimes much harder to get
rid of the junk than it is to get it in the first place. You are doing a
great job on your end!
Jan
Smiles are meant to be shared,
that's why they're so contagious.
I don't remember which program it was that found this file. I'm at work so I
don't have everything in front of me. But it was one of the ones you told me
to download & install.
I got a little confused by your instructions because I wasn't sure which
programs you wanted me to run in Safe Mode. So I downloaded all the programs
you had in your post and then I went to safe mode and ran all my anti-virus
programs, then the programs I had downloaded. The Registrar Lite program
didn't detect a value for the AppInit dll. When I double-clicked on it and
the box came up, the value field was blank. I ran the programs from Silent
Runner in the order you told me to anyway. I wasn't sure when to run About
Buster, so I ran it last. I think that's where I got the file (notepad) that
gave me the info I posted. I had a long list of processes running and it
indicated I had 2 infections on my PC. That was one of them. Don't remember
what the other one was but I think it was a legitimate record as well.
Whatever is on there is still attacking my home page, so I guess I haven't
resolved the problem yet. Don't know what else I can do. I do appreciate all
your help, though.
:
Hi cacdrc
I think I found the file but I want to be sure before I run the script to
delete it. This is what I see.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! "igfxcui\DLLName" = "igfxsrvc.dll" ["Intel Corporation"]
Is the file I want to delete "igfxsrvc.dll"?????
Also, what program were you using to find this file? Was it one of the
scumware scan programs?
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm