Perfect! :) Now, scan again with HijackThis and place a check next to the following entry, then click Fix Checked. O2 - BHO: (no name) -...
That last download wasn't just producing a log. It rebuilt your safeboot key in the registry from backups. ;) Click Start>Run and type regedit...
You didn't run it properly that time. Please go back to my previous post and redo the CFScript.txt instructions. After creating the CFScript.txt...
Reboot and see if you can get to safe mode. Delete that Spyware Detector file while there if you can. When back in normal mode, click Start>Run...
Copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as; Filename: CFScript.txt Save As...
While I study those logs, please download SafeBootKeyRepair Save it to your desktop. Double click to run it then post the log it produces.
Time for the big gun then. ;) Download ComboFix by sUBs from Here or Here, saving the file to your Desktop. Close all open programs and...
Thanks for the update Anna. Hope Comcast gets things squared away for you. I'm happy I could help. :) Now, next flight leaving Columbus for...
Hi flanders :) Copy/paste is exactly how it's done. ;) The HijackThis log isn't showing us much, so lets use another tool to get a better...
First, you have the Sony rootkit that needs to be removed. Follow the instructions here for either manual or automatic removal (I recommend...
Lets get the Deckards logs and go from there. ;)
Go ahead and run sfc now. Click Start>Run and type (or copy and paste) sfc /scannow then hit enter. Let me know what happens.
Great! Glad I could help. :) Lets clean up and clear out all of your past restore points then create a new one before you reinstall messenger,...
Welcome to WindowsBBS ktongg :) I've moved your post to it's own topic and we will continue here. Lets start with a HijackThis log. Please...
Why the long face Mike? Did you pay too much? :p
Lets get rid of this Messenger folder. C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger Looks good...
Click Start>Run and type services.msc then hit enter. Scroll down the list to System Restore Service and double click the entry. It needs to be...
Scan again with HijackThis and fix the following entries. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO:...
And now it's running from the msn messenger folder! Well lets kill that bit too! :D Copy the contents of the code box below and paste it into...
It might well be that your contact is the one that is infected, and the header information, including IP address, was harvested from an email sent...
Separate names with a comma.
