Gnucleus!!!!
My son downloaded a music site called Gnucleus. I noticed my computer slowed down, started to freeze and I cannot get to my home page at MSN. I did a Panda scan and HijackThis. Here are the logs. Hope you can help.
Panda Scan Results
Incident Status Location
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/ncase No disinfected Windows Registry
Virus:W32/Sdbot.FCR.worm Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Baby Einstein Baby MacDonald (DVD RIP).zip\Movie.exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\41674PQF\_to[1].exe[mc-58-12-0000137.exe]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\41674PQF\_to[2].exe[mc-58-12-0000137.exe]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\940RPTO5\director_install[1].exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I1N0PCVE\dnscatcher[1].exe
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OL6301EZ\maxifilesdns[1].zip[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OL6301EZ\maxifilesdns[1].zip[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\W5MBKH2Z\_al[1].exe[mc-58-12-0000140.exe]
Virus:W32/Sdbot.FCR.worm Disinfected C:\Documents and Settings\Owner\My Documents\My Music\Baby Einstein Baby MacDonald (DVD RIP).zip[Movie.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet\mc-58-12-0000137.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet2\mc-58-12-0000137.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\mc-58-12-0000137.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\cwebpage.dll
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\gui.exe
Virus:W32/Sdbot.FCR.worm Disinfected C:\Program Files\MsUpdate\a.tmp
Virus:W32/Sdbot.FCR.worm Disinfected C:\Program Files\MsUpdate\a.zip[Movie.exe]
Virus:W32/Sdbot.FCR.worm Disinfected C:\Program Files\MsUpdate\MsUpdate.exe
Virus:W32/Sdbot.FET.worm Disinfected C:\WINDOWS\system32\scvhost.exe
Virus:W32/Sdbot.FET.worm Disinfected C:\xz.exe
HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 1:57:47 PM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Updater.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000137.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120389281234
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
Thanks, Barbara
Comments
I believe the following running processes are malicious:
C:\Program Files\Common Files\Windows\services32.exe (W32/Rbot-MB)
C:\Updater.exe
C:\Program Files\Common Files\services.exe
Please 'fix' the following entries in HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000137.exe
Once finished, we will manually end the malicious running processes from the Windows task manager. (Hit CTRL+ALT+DEL, go to Task Manager, Processes Tab, select the following and 'End Process')
services32.exe
Updater.exe
services.exe
Once finished, manually delete the following files:
C:\Program Files\Common Files\InetGet\mc-58-12-0000137.exe
C:\Program Files\Common Files\InetGet2\mc-58-12-0000137.exe
C:\Program Files\Common Files\mc-58-12-0000137.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\system32.dll[gui.exe]
C:\Program Files\Common Files\system32.dll[cwebpage.dll]
C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
C:\Program Files\DNS\cwebpage.dll
C:\Program Files\DNS\gui.exe
C:\Updater.exe
Do a search for the following files, and delete them as well:
scvhost.exe (be careful not to delete svchost.exe, as that is a legitimate file, scvhost.exe is not)
Once finished, clear all of your temporary internet files, by going to Tools --> Internet Options within Internet Explorer, and hit the 'Delete Files' button to clear them out. This will flush out a lot of the junk that Ad-aware found earlier.
Once finished, reboot your computer, run Ad-aware one more time and post an updated HJT log.
Best Regards,
Mike
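The checks Mike applies by eye above (a look-alike name such as scvhost.exe, a system binary name running from Common Files, an executable sitting in the drive root, an autorun entry that gives no full path) can be scripted over a HijackThis log. This is an added example, not code from the thread or from HijackThis; it assumes C:\WINDOWS\system32 as the system directory and uses sample lines constructed from the logs posted above.

```python
"""Triage HijackThis-style log lines for the warning signs the reply above walks
through. Added example, not HijackThis code; the sample log is constructed from
entries quoted in this thread, and C:\\WINDOWS\\system32 is assumed as the system
directory of this XP machine."""
import ntpath
import re

# Illustrative list of names malware imitates (scvhost.exe) or borrows (services.exe).
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                   "smss.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\",)  # assumption for this XP box
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.(?:exe|dll|ocx)$", re.IGNORECASE)

SAMPLE_LOG = """\
C:\\WINDOWS\\system32\\services.exe
C:\\Program Files\\Common Files\\Windows\\services32.exe
C:\\Program Files\\Common Files\\services.exe
C:\\Updater.exe
C:\\Program Files\\Messenger\\msmsgs.exe
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [Symantec NetDriver Monitor] C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer
O4 - HKLM\\..\\Run: [ms-update] scvhost.exe
O4 - HKLM\\..\\RunServices: [ms-update] scvhost.exe
O4 - HKLM\\..\\Run: [iRiver Updater] \\Updater.exe
"""


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (scv -> svc) as a single edit."""
    d = [[i if j == 0 else j if i == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def imitated_binary(filename):
    """System binary that `filename` imitates, or None for a genuine or unrelated name.
    Digits are stripped first, so services32.exe is compared as services.exe."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    stripped = re.sub(r"\d+", "", name)
    for real in sorted(SYSTEM_BINARIES):
        if osa_distance(stripped, real) <= 1:
            return real
    return None


def check_path(path):
    """Reasons a full image path (e.g. from 'Running processes') looks wrong."""
    name = ntpath.basename(path)
    directory = ntpath.dirname(path).lower().rstrip("\\") + "\\"
    reasons = []
    real = imitated_binary(name)
    if real:
        reasons.append(f"name imitates {real}")
    if name.lower() in SYSTEM_BINARIES and not directory.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside the Windows system directory")
    if re.fullmatch(r"[a-z]:\\", directory):
        reasons.append("executable in drive root")
    return reasons


def check_autorun(line):
    """Reasons an O4 autorun line looks wrong; [] for non-O4 or clean lines."""
    m = O4_RE.match(line)
    if not m:
        return []
    cmd = m.group("cmd").strip()
    # Quoted image: take the quoted part; unquoted: first token (arguments follow).
    image = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    if re.match(r"[a-z]:\\", image, re.IGNORECASE):
        return check_path(image)
    reasons = ["autorun image given without a full path"]
    real = imitated_binary(ntpath.basename(image))
    if real:
        reasons.append(f"name imitates {real}")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every suspicious line in the log."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = check_path(line) if PROCESS_RE.match(line) else check_autorun(line)
        if reasons:
            findings.append((line, reasons))
    return findings
```

Calling triage(SAMPLE_LOG) flags six lines (both scvhost.exe autoruns, the path-less \Updater.exe autorun, services32.exe, the Common Files services.exe and C:\Updater.exe) while the genuine system32\services.exe and msmsgs.exe pass.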
Computer will not allow me to end services.exe
I did the Ad-aware scan and deleted the infected files.
Here is the latest HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 6:24:56 PM, on 10/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.download.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120389281234
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
Thanks
Barbara
The spyware/malware will not be running at startup any longer, but there may still be some files present on your PC.
That is expected, as there is usually a legitimate version of 'services.exe' running, which cannot be stopped. Could you double check to see if there is more than one instance of services.exe running in your task manager?
Is your system configured to display hidden/system files? If you are unsure, you can find out how to change that setting here: http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Browse to the following locations again, and see if any of these files are visible:
C:\Program Files\Common Files\InetGet\mc-58-12-0000137.exe
C:\Program Files\Common Files\InetGet2\mc-58-12-0000137.exe
C:\Program Files\Common Files\mc-58-12-0000137.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\system32.dll[gui.exe]
C:\Program Files\Common Files\system32.dll[cwebpage.dll]
C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
C:\Program Files\DNS\cwebpage.dll
C:\Program Files\DNS\gui.exe
C:\Updater.exe
Thanks,
Mike
Barbara
Once the files are gone, I'd recommend another Ad-aware scan, just in case there are any other nasties hiding away on your hard drive. But I think that should just about do it. Has the odd behavior of your PC stopped?
Btw, if you have never used Ad-aware before, check out this post here:
http://www.short-media.com/forum/showthread.php?t=14915
Best Regards,
Mike