Another person with the AxFreePorn dialer problem

Discussion in 'Malware and Virus Removal Archive' started by BlueRoom, 2007/03/12.

  1. 2007/03/15
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Ok, sent those two files to you.
    Here is the uninstall list:

    Ad-Aware SE Personal
    Adobe Acrobat 4.0
    AppCore
    ATI Video Player
    AV
    AVG Anti-Spyware 7.5
    ccCommon
    CCleaner (remove only)
    ClickPic version 1.1
    Creative MediaSource
    DTS Neo:6 Settings
    DVD43 v3.9.0
    Fellowes/NEATO MediaFACE
    Google Toolbar for Internet Explorer
    GrammarPro
    Hijackthis 1.99.1
    HijackThis 1.99.1
    HP DeskJet 895C Series (Remove only)
    HP Imaging Device Functions 6.0
    HP Photosmart Cameras 6.0
    HP Photosmart Essential
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.0
    Intel A/V Codecs V2.0
    Intel Security Driver
    Internet Worm Protection
    IrfanView (remove only)
    ItsDeductible Express
    J2SE Runtime Environment 5.0 Update 11
    LiveUpdate 3.1 (Symantec Corporation)
    MAGIX audio cleaning lab 10
    MAGIX audio cleaning lab 2004
    MAGIX Media Manager 2004 silver
    Mercury Network Accelerator
    Microsoft Office 2000 Premium
    Microsoft XML Parser and SDK
    MSN Messenger 7.5
    MSXML 4.0 SP2 (KB925672)
    Nero 7 Ultra Edition
    NewMedia 2.0
    Norton AntiVirus
    Norton AntiVirus (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Ghost
    Norton Protection Center
    NTI CD-Maker 2000 Plus
    Outlook Express Update Q330994
    Pdf995
    PdfEdit995
    QuickTime
    RealPlayer Basic
    SafeCast Shared Components
    Sound Blaster Audigy 2 ZS
    SPBBC 32bit
    Spybot - Search & Destroy 1.4
    Symantec
    SymNet
    TaxCut Premium 2006
    Text-To-Speech-Runtime
    TurboTax Deluxe 2004
    TurboTax Deluxe 2005
    TurboTax ItsDeductible 2005
    WexTech AnswerWorks
    Window Washer
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    Windows XP Hotfix (SP1) [See Q321856 for more information]
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP1) Q817606
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Yahoo! Customizations
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
     
  2. 2007/03/15
    BlueRoom
    Regarding it disconnecting again. Since I ran AVG I don't think it has. But when I was setting up to run AVG last night it popped back up again after I sent you those files and after I deleted them from my hard drive. Went to the same location, everything was the same on it when it reappeared except the numbers at the end were different. I wasn't on long enough last night after I ran AVG to really tell if it was gone.

    Should be able to tell tonight.

    Thanks again for your help! :)
     

  4. 2007/03/15
    BlueRoom
    Ok, the dialer popped again. So it's still there.

    Here is the path from the desktop this time.



    C:\Documents and Settings\Mike Blue\Local Settings\Temp\1173996728stjHa.exe
     
  5. 2007/03/16
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi

    Thanks for those files. They were infected.
    A variant of Agent.AWF.
    This trojan replaces programs that autostart with trojaned versions of itself, creates folders called "bak" in the folder where that program is, and puts the good file in the "bak" folder.

    AVG already nuked some files so we'll replace them with the backups and replace the still infected ones.

    Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    Do nothing with it yet.

    This file is intended for this user only! Each computer is different and will require a different fix!

    Copy the following text inside the code box to a new notepad file
    Make sure "wordwrap" is off
    Save as file name fix.bat
    As file types: All files
    Save it to your desktop. Do nothing with it yet.

    Code:
    @ECHO OFF
    REM Move each good copy out of its "bak" folder back over the trojaned file (/y overwrites without prompting)
    move /y C:\WINDOWS\bak\UpdReg.EXE C:\WINDOWS
    move /y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
    move /y "C:\Program Files\Internet History Eraser\bak\heraser.exe" "C:\Program Files\Internet History Eraser"
    move /y "C:\Program Files\dvd43\bak\dvd43_tray.exe" "C:\Program Files\dvd43"
    move /y "C:\Program Files\Mercury Network Accelerator\bak\trayctl.exe" "C:\Program Files\Mercury Network Accelerator"
    move /y "C:\Program Files\Real\RealPlayer\bak\realplay.exe" "C:\Program Files\Real\RealPlayer"
    move /y "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" "C:\Program Files\HP\HP Software Update"
    move /y "C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe" "C:\Program Files\Creative\SB Drive Det"
    move /y "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe" "C:\Program Files\Common Files\Symantec Shared\Security Center"
    move /y "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe" "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer"
    move /y "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE" "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio"
    move /y "C:\Program Files\Creative\MediaSource\RemoteControl\bak\RCMan.EXE" "C:\Program Files\Creative\MediaSource\RemoteControl"


    Download: ResetProtocolDefaults.reg to your desktop.
    http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

    Do nothing with it yet.

    Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on desktop

    Do nothing with it yet.

    Boot to SAFE mode:

    - Restart your computer
    - After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    - Instead of Windows loading as normal, the Advanced Options Menu should appear;
    - Select the first option, to run Windows in Safe Mode, then press Enter.
    - Choose your usual account.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

    Locate DelDomains.inf, right click it and choose Install.
    You will see nothing happening except the cursor might go to an hourglass for a sec.
    This will delete any bad trusted domains.


    Locate ResetProtocolDefaults.reg
    Right click it, select merge, OK the prompt.
    This will reset default security zones for IE.

    Locate fix.bat you created earlier and double click it.
    A "dos" box will flash up quick and disappear.
    This is normal.

    Reboot back to normal mode and post both a new hijackthis log and a FindAWF log.

    I want to make sure the good files got moved over to their original locations before deleting the "bak" folders.

    Let me know how machine is running.

    Thanks
     
    Last edited: 2007/03/16
  6. 2007/03/16
    Blender
    Hi again,

    I forgot to add: if you had IE-Spyad or SpywareBlaster installed, these will need to be re-installed.
     
  7. 2007/03/16
    BlueRoom
    HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:33 PM, on 3/16/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - {487BEC95-89FF-B4B9-EE19-CF3344F20AD7} - C:\WINDOWS\syytupvq.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Mercury Network Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O3 - Toolbar: Search - {8F4D0BD6-AF72-747E-3904-08FCB4B8EAD6} - C:\WINDOWS\syytupvq.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Mike Blue"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://a1440.g.akamaitech.net/7/144...content.com/02000089/cccabs/CleverContent.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/048be75f0208809ba523/netzip/RdxIE601.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.teslatheband.com/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5681FE07-4E1D-4479-AAEA-5ADF23007A92}: NameServer = 64.7.161.12 64.7.161.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs:
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  8. 2007/03/16
    BlueRoom
    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    0 File(s) 0 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    07/09/2001 10:50 AM 155,648 NeroCheck.exe
    1 File(s) 155,648 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\WASHER\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\MSNMES~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\INTERN~2\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\DVD43\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\MERCUR~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBDRIV~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

    11/10/2005 09:44 AM 94,208 NMBgMonitor.exe
    1 File(s) 94,208 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\SURROU~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBAUDI~1\DVDAUDIO\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\REMOTE~1\BAK

    0 File(s) 0 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    155648 Jul 9 2001 "C:\WINDOWS\SYSTEM32\NeroCheck.exe"
    155648 Jul 9 2001 "C:\WINDOWS\SYSTEM32\bak\NeroCheck.exe"
    94208 Nov 10 2005 "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    94208 Nov 10 2005 "C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe"


    end of report
     
  9. 2007/03/16
    BlueRoom
    My computer seems to be running ok at the moment.
     
  10. 2007/03/16
    BlueRoom
    Ok, my computer has been online for 5 hours now and the dialer has not fired. Don't want to jinx it, but I think it may be gone.

    I will be online a lot tomorrow so that should tell for sure.

    I really appreciate all the help given! :)
     
  11. 2007/03/17
    Blender
    Hi,

    Glad to hear things are running well.
    Looks like the files that were in those bak folders were placed just fine. :)

    You can delete "fix.bat" (we're making a new one)

    Few items to fix with Hijackthis:

    Open Hijackthis
    Run system scan and check:

    R3 - URLSearchHook: (no name) - {487BEC95-89FF-B4B9-EE19-CF3344F20AD7} - C:\WINDOWS\syytupvq.dll (file missing)
    O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)
    O3 - Toolbar: Search - {8F4D0BD6-AF72-747E-3904-08FCB4B8EAD6} - C:\WINDOWS\syytupvq.dll (file missing)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/048be75f0208809...p/RdxIE601.cab
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs:


    Close all open windows and click "fix checked", then OK.

    You may get an error with the O20 line. Just OK the error. All that is happening is HJT is trying to back up a non-existent file.

    Exit Hijackthis and reboot.

    The following file is intended for this user only! Running this file on other systems may harm your PC!

    Copy the following text inside the code box to a new notepad file.
    Save as file name fix2.bat
    As file types: All Files
    Save it to the desktop.

    Code:
    @echo off
    REM Remove the now-empty "bak" folders (/s removes the folder tree, /q suppresses the confirmation prompt)
    rd /s /q C:\WINDOWS\BAK
    rd /s /q C:\WINDOWS\SYSTEM32\BAK
    rd /s /q C:\PROGRA~1\QUICKT~1\BAK
    rd /s /q C:\PROGRA~1\WASHER\BAK
    rd /s /q C:\PROGRA~1\MSNMES~1\BAK
    rd /s /q C:\PROGRA~1\INTERN~2\BAK
    rd /s /q C:\PROGRA~1\DVD43\BAK
    rd /s /q C:\PROGRA~1\MERCUR~1\BAK
    rd /s /q C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
    rd /s /q C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
    rd /s /q C:\PROGRA~1\REAL\REALPL~1\BAK
    rd /s /q C:\PROGRA~1\HP\HPSOFT~1\BAK
    rd /s /q C:\PROGRA~1\CREATIVE\SBDRIV~1\BAK
    rd /s /q C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\BAK
    rd /s /q C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK
    rd /s /q C:\PROGRA~1\CREATIVE\SBAUDI~1\SURROU~1\BAK
    rd /s /q C:\PROGRA~1\CREATIVE\SBAUDI~1\DVDAUDIO\BAK
    rd /s /q C:\PROGRA~1\CREATIVE\MEDIAS~1\REMOTE~1\BAK
    
    
    Once saved, double click it and let it run.
    A "dos" box will flash up quick & close. This is normal.
    That just deletes the now empty "bak" folders.

    Re-run Hijackthis scan again and post the new log please.
    Run FindAWF again and post the log please.

    Let me know if still OK.

    Thanks :)
     
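    The audit, restore and clean-up steps in Blender's posts above (the fix.bat `move /y` of the "bak" copies, the FindAWF "duplicate files" comparison, and the fix2.bat removal of emptied "bak" folders) in one script, as an added example that is not FindAWF or Blender's batch files. It runs offline on a constructed temp directory tree that borrows three folder names from the thread; the file contents are placeholders.

```python
# Added example: audit/restore logic for the "bak" folder pattern in this thread.
# Not FindAWF, fix.bat or fix2.bat; it runs on a constructed temp directory tree.
import filecmp
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def find_bak_dirs(root: Path) -> List[Path]:
    """Every directory named 'bak' under root (case-insensitive, like NTFS)."""
    return sorted(p for p in root.rglob("*") if p.is_dir() and p.name.lower() == "bak")


def audit(root: Path) -> Dict[str, List[dict]]:
    """Pair each backed-up file with the same-named file in its parent folder.
    status: parent_missing (AV already deleted the swapped copy), identical
    (parent already matches the backup, FindAWF's 'duplicate'), differs (suspect)."""
    findings: Dict[str, List[dict]] = {}
    for bak in find_bak_dirs(root):
        entries = []
        for backup in sorted(bak.iterdir()):
            if not backup.is_file():
                continue
            parent_copy = bak.parent / backup.name
            if not parent_copy.exists():
                status = "parent_missing"
            elif filecmp.cmp(parent_copy, backup, shallow=False):  # byte-for-byte compare
                status = "identical"
            else:
                status = "differs"
            entries.append({"file": backup.name, "size": backup.stat().st_size, "status": status})
        findings[bak.relative_to(root).as_posix()] = entries
    return findings


def restore(root: Path) -> int:
    """Move every backed-up file over the parent copy, as fix.bat's `move /y` did."""
    moved = 0
    for bak in find_bak_dirs(root):
        for backup in list(bak.iterdir()):
            if backup.is_file():
                os.replace(backup, bak.parent / backup.name)  # overwrites the swapped copy
                moved += 1
    return moved


def remove_empty_bak_dirs(root: Path) -> int:
    """Delete bak folders only once they are empty (the step fix2.bat performed)."""
    removed = 0
    for bak in find_bak_dirs(root):
        if not any(bak.iterdir()):
            bak.rmdir()
            removed += 1
    return removed


def build_sample_tree() -> Path:
    # Constructed layout using three folder names from the thread; contents are placeholders.
    root = Path(tempfile.mkdtemp(prefix="awf_demo_"))
    qt = root / "Program Files" / "QuickTime"
    (qt / "bak").mkdir(parents=True)
    (qt / "bak" / "qttask.exe").write_bytes(b"ORIGINAL qttask")
    (qt / "qttask.exe").write_bytes(b"SWAPPED qttask")                  # still swapped
    sys32 = root / "WINDOWS" / "SYSTEM32"
    (sys32 / "bak").mkdir(parents=True)
    (sys32 / "bak" / "NeroCheck.exe").write_bytes(b"ORIGINAL NeroCheck")
    (sys32 / "NeroCheck.exe").write_bytes(b"ORIGINAL NeroCheck")        # already restored
    hp = root / "Program Files" / "HP" / "HP Software Update"
    (hp / "bak").mkdir(parents=True)
    (hp / "bak" / "HPWuSchd2.exe").write_bytes(b"ORIGINAL HPWuSchd2")   # parent deleted by AV
    return root


def run_demo() -> dict:
    """Audit, restore, re-audit, then remove the emptied bak folders; returns a summary."""
    root = build_sample_tree()
    try:
        before = {k: [e["status"] for e in v] for k, v in audit(root).items()}
        moved = restore(root)
        leftover = sum(len(v) for v in audit(root).values())
        removed = remove_empty_bak_dirs(root)
        qt_exe = root / "Program Files" / "QuickTime" / "qttask.exe"
        return {"before": before, "moved": moved, "leftover": leftover, "removed": removed,
                "qttask_restored": qt_exe.read_bytes() == b"ORIGINAL qttask",
                "bak_dirs_left": len(find_bak_dirs(root))}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

    Run `audit()` alone first and act on "differs" entries before `restore()`; `remove_empty_bak_dirs()` refuses to delete any bak folder that still holds a file, which is the check Blender wanted before fix2.bat.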
  12. 2007/03/17
    BlueRoom
    Hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:11:38 AM, on 3/17/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Mercury Network Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Mike Blue"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://a1440.g.akamaitech.net/7/144...content.com/02000089/cccabs/CleverContent.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.teslatheband.com/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5681FE07-4E1D-4479-AAEA-5ADF23007A92}: NameServer = 64.7.161.12 64.7.161.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  13. 2007/03/17
    BlueRoom
    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report
     
  14. 2007/03/17
    Blender
    Hi,

    Looking pretty good.
    Almost there I think.

    Start Hijackthis
    Run system scan and check:

    O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)

    Close all open windows except Hijackthis and click "fix checked", then OK.

    Rescan & save log.

    Post log.

    Still no dialer popups?

    Thanks :)
     
  15. 2007/03/17
    BlueRoom
    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:37 PM, on 3/17/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Mercury Network Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YCOMP5_3_12_0.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Mike Blue "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://a1440.g.akamaitech.net/7/144...content.com/02000089/cccabs/CleverContent.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.teslatheband.com/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5681FE07-4E1D-4479-AAEA-5ADF23007A92}: NameServer = 64.7.161.12 64.7.161.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
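    The log above, together with the "fix checked" instruction in the previous post, is the kind of triage a helper does by eye. As an added example (not code from the thread, from HijackThis or from either poster), here is that triage written down as rules: unnamed BHOs and entries whose target file is gone are safe to tick in HJT, while O23 services with no company name, O23 services that HJT 1.99.1 renders with a stray quote and "(file missing)" (an ImagePath with arguments, as with the Symantec ccSvcHst.exe lines above), and O17 NameServer entries are "verify" items that need a human look before anything is changed. The sample lines are constructed from the entry shapes HJT emits; the CLSIDs and paths are copied from the posted log so the rules run against real formats. The rule names and the fix/verify split are my own choice.

```python
"""Triage a HijackThis 1.99.1 log: which entries to fix, which to verify first.

Added example, not code from the thread or from HijackThis. SAMPLE_LOG is
constructed from HJT entry shapes; CLSIDs and paths come from the posted log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {8C2E4620-FFB9-3F53-6848-07C7762660C4} - C:\WINDOWS\syytupvq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O17 - HKLM\System\CCS\Services\Tcpip\..\{5681FE07-4E1D-4479-AAEA-5ADF23007A92}: NameServer = 64.7.161.12 64.7.161.13
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
"""

# "O2 - BHO: ..." / "R0 - HKCU\..." / "F2 - ..." : section code, dash, body
ENTRY = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
FILE_MISSING = re.compile(r"\(file missing\)\s*$")
NAMESERVER = re.compile(r"NameServer = (\S.*)$")


@dataclass
class Finding:
    section: str  # HJT section code, e.g. "O2"
    action: str   # "fix": safe to tick in HJT; "verify": needs a human look first
    reason: str
    entry: str    # the original log line


def classify(section: str, body: str) -> Optional[Tuple[str, str]]:
    """Return (action, reason) for one entry, or None if it is unremarkable."""
    missing = FILE_MISSING.search(body) is not None
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "fix", "unnamed BHO (loads into Internet Explorer)"
    if section in ("O2", "O3", "O4", "O18") and missing:
        return "fix", "orphaned entry: the registry still points at a file that is gone"
    if section == "O23":
        reasons = []
        if missing and '"' in body:
            reasons.append("'(file missing)' on a quoted ImagePath with arguments; "
                           "HJT 1.99.1 renders these this way, confirm the binary exists before acting")
        if "Unknown owner" in body:
            reasons.append("no company name on the service binary")
        if reasons:
            return "verify", "; ".join(reasons)
    if section == "O17":
        m = NAMESERVER.search(body)
        servers = m.group(1).strip() if m else body
        return "verify", f"DNS servers {servers}: confirm they belong to the ISP (DNS changers live here)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every HJT entry line and collect the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, "Running processes:" block, blank line
        section, body = m.group(1), m.group(2)
        verdict = classify(section, body)
        if verdict:
            findings.append(Finding(section, verdict[0], verdict[1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section}: {f.reason}\n         {f.entry}")
```

    Run on the sample, the only "fix" items are the unnamed BHO and the orphaned msnim protocol handler; the Symantec service lines and the DNS servers come out as "verify", which matches what the helper did and did not ask to have fixed.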
     
  16. 2007/03/17
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    No, the dialer has not popped up since 2 days ago. :)
     
  17. 2007/03/17
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    Good to hear.

    Can you open Text files in notepad now or do they still open in Magix?

    You can delete the tools we used:

    WinPFind3u
    HJTSetup.exe
    FindAWF.exe
    Fix.bat
    Fix2.bat
    REsetProtocolDefaults.reg
    DelDomains.inf

    You can go back and hide system files again.

    Open Folder options in control panel.
    Click view tab
    Check:

    "hide protected operating system files and folders"
    "do not show hidden files or folders"

    I would leave "hide file extensions for known file types" UNchecked.

    After a few reboots and checking to see that all is well; it is highly recommended to reset your system restore to remove any possible backed up infected files there.

    Right click "my computer"
    Click "properties"
    Click "system restore" tab
    Checkmark "turn off system restore"
    Hit apply> ok> ok.

    Reboot

    Go back and turn system restore back on by removing the check, hit apply, and OK.

    A new restore point is created at this time.
    You will not be able to restore computer to any earlier than today.

    ------------------------

    You are really behind on XP updates.
    XP is now at Service Pack 2
    Without these updates you leave yourself wide open to a ton of exploits.
    Besides....there is little MS support any more for pre-SP2 systems.
    I do suggest updating to SP2 ASAP!

    There will be several updates after SP2. Get all the criticals.

    It appears you are not running a firewall. Windows XP has its own, but it does not monitor OUTgoing traffic, and whatever malware slips by your antivirus can call home all it wants. Pre-SP2 XP does not have its firewall turned on by default.
    With a 3rd party firewall you can control outgoing traffic much better.

    If installing a 3rd party firewall do make sure XP one is off or else it will conflict.

    Couple choices for free firewalls if you don't want to pay for one. Either one is good:
    The Sunbelt one is "pro" for 30 days then a few extra features are disabled.

    Comodo:

    http://www.personalfirewall.comodo.com/

    Sunbelt kerio:

    http://www.sunbelt-software.com/Kerio.cfm

    Pick/install only one.

    Understanding and using firewalls:

    http://www.bleepingcomputer.com/tutorials/tutorial60.html

    --->> Your AVG will still continue to work after the 30 day trial is up.
    What you do lose is the background protection and automatic updates.

    You can still update manually and run scans to clean up malware.

    I do suggest you keep this program.


    Other added prevention/protections:

    Spywareblaster <--this prog blocks known bad active x controls, many tracking cookies and puts more sites in restricted zone.
    Install> update> enable all protection.
    Updates are about once a month, and it is free.

    --->> Using a hosts file will greatly increase security. Many of those flashy annoying ads on websites will not display and it blocks access to thousands of sites entirely.

    Info and how to install:

    http://www.mvps.org/winhelp2002/hosts.htm

    --->> Remember to keep your antivirus up to date.

    --->> Install an alternative browser for day to day surfing.
    These 2 are free and have a lot less security issues than IE:

    Opera Browser

    FireFox Browser

    Since the HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I
    http://boards.cexx.org/index.php?topic=957
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Go get those XP updates!

    Take care & surf safe!

    Tammy
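    The hosts file advice above (MVPS-style lists point ad and tracking hosts at a blackhole address) also cuts the other way on a cleaned machine: malware edits the same file to redirect real sites elsewhere, or to blackhole antivirus and Windows update hosts so signatures stop arriving. HijackThis reports hosts redirections as O1 entries. As an added example, not code from the thread or from the MVPS project, here is a parser for the hosts file layout on XP (%SystemRoot%\system32\drivers\etc\hosts) with an audit for both cases. The sample file is constructed: reserved example domains, a TEST-NET redirect target, and a "liveupdate" host chosen to trigger the update-host check; VENDOR_HINTS is my own list built from the vendors named in this thread.

```python
r"""Audit a Windows hosts file for redirects and blackholed update hosts.

Added example, not code from the thread or from the MVPS project. SAMPLE_HOSTS
is constructed in the MVPS layout with reserved example names.
"""
import ipaddress
from typing import Dict, List, Tuple

SAMPLE_HOSTS = """\
# constructed sample in the MVPS layout
127.0.0.1  localhost
0.0.0.0  ads.example.net
0.0.0.0  ads.example.com    # trailing comment
0.0.0.0  banner.example pixel.example
127.0.0.1  tracker.example.net
127.0.0.1  liveupdate.example
203.0.113.5  www.bank.example
"""

BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}           # addresses a blocking list may use
KEEP = {"localhost", "localhost.localdomain", "broadcasthost"}  # must stay mapped to loopback
# Vendors named in this thread (assumed list); blackholing one of their update
# hosts is the opposite of what an ad-blocking hosts file is for.
VENDOR_HINTS = ("symantec", "liveupdate", "norton", "avg", "grisoft", "windowsupdate", "microsoft")

Entry = Tuple[str, str]  # (ip, hostname), one per hostname on a line


def parse_hosts(text: str) -> List[Entry]:
    """Parse 'ip host [host ...] [# comment]' lines; skip comments and junk."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first token is not an address: not a hosts line
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def audit(entries: List[Entry]) -> Dict[str, object]:
    """Split entries into blocked hosts, redirects to real addresses, and blackholed update hosts."""
    blocked: List[str] = []
    redirects: List[Tuple[str, str]] = []
    update_hosts: List[str] = []
    for ip, host in entries:
        if host in KEEP:
            continue
        if ip in BLACKHOLE:
            blocked.append(host)
            if any(hint in host for hint in VENDOR_HINTS):
                update_hosts.append(host)
        else:
            redirects.append((host, ip))  # a real site sent somewhere else: classic hijack
    return {"blocked": blocked, "redirects": redirects, "update_hosts_blackholed": update_hosts}


def is_blocked(entries: List[Entry], hostname: str) -> bool:
    """True if the hosts file sends this name to a blackhole address (first matching line wins)."""
    hostname = hostname.lower()
    for ip, host in entries:
        if host == hostname:
            return ip in BLACKHOLE and host not in KEEP
    return False


if __name__ == "__main__":
    report = audit(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(report['blocked'])} hosts blocked")
    for host, ip in report["redirects"]:
        print(f"REDIRECT  {host} -> {ip}")
    for host in report["update_hosts_blackholed"]:
        print(f"UPDATES BLOCKED  {host}")
```

    On the sample, the six ad and tracker names count as blocked, www.bank.example is reported as a redirect, and liveupdate.example is reported as an update host that has been blackholed; the localhost line is ignored on purpose because it has to stay.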
     
  18. 2007/03/17
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Thanks for all the help Blender, I really appreciate it! :)

    I'm downloading one of the firewall programs you suggested now.

    Everything appears to be working fine. The only minor thing I have noticed is that on Myspace pages the audio flash player will not work. It puts a box in there that says I have javascript off or I don't have the latest flash player. I actually have both. It's not a big deal and I can live without it. It may not have anything to do with what we did here, but prior to this problem it worked fine. Any suggestions?
     
  19. 2007/03/18
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    If this is since you installed the firewall, check its options to see if Java and/or Flash isn't blocked totally.

    Do both blocks on this page say "installation complete "?

    http://www.adobe.com/shockwave/welcome/

    How about this one?:

    http://www.java.com/en/download/installed.jsp

    "Verify installation" work?

    If no dice, see if you can uninstall flash & re-install.
    Same with Java.

    Let me know if problems to uninstall.



    Thanks :)
     
  20. 2007/03/19
    BlueRoom

    BlueRoom Inactive Thread Starter

    Joined:
    2007/03/12
    Messages:
    25
    Likes Received:
    0
    Hi Blender,

    Yes, it says installation complete on the player and it says I have the latest version of Java already.

    Maybe it's a Myspace problem, now that wouldn't shock me.

    Thanks again for your help. The dialer seems to be gone. :)
     
  21. 2007/03/20
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    Can you give me a sample link not working?

    Thanks :)
     
