Options
WU not working after Tojan(s) removal
Help! I'm trying to fix my Mom's computer. I think I have two (at least!) problems. One is difficult to remove virus/malware and the other is being unable to access the wu website.
This computer had at least 30 different viruses on it, along with tons of malware. I've run McAfee and Ad-Aware until they are clean, but I KNOW there's still some left on it. When I look at msconfig startup, there are programs called keyboard12, newname12, and mouse12. Also, when I'm connected to the internet, I get random websites that launch ie. I do also get popups, but the initial page doesn't seem to be a popup, although I could be wrong.
When I try to access the wu site, I get error 8024D00C. I've done everything suggested, (including calling a personal friend who is a TAM for Microsoft, so I had access to all internal KB hints as well) and nothing seems to help. I'm very comfortable moving around in regedit or command line. I worked on it last night until about 1:30AM and intended to run HJT, but forgot, so I know that'll be the first thing I do after work.
When I go to windowsupdate.com, the page explaining about activex appears while it looks for the installer code on the machine. Then, it kicks out the error code. When I look at the WindowUpdate.log file, I see that it was trying to write files to the CatRoot2 directory. The files were edb.tmp, tmpedb.log, and edb.log. I might have the tmp and edb switched around, but I can verify that if it's necessary. Also, at one point (before I knew there were so many viruses), I had started dowloading SP2 and other updates. I was surprised that wu would let me dowload sp2 at the same time as others, but it was. It got to about 79% complete and then just stopped.
Can anyone give me any advice on getting rid of the keyboard12, mice12, and newname12 files? How can I be sure all associated files are gone? Then, any suggestions on how to get wu to start working?
Thanks so much!
Julie
This computer had at least 30 different viruses on it, along with tons of malware. I've run McAfee and Ad-Aware until they are clean, but I KNOW there's still some left on it. When I look at msconfig startup, there are programs called keyboard12, newname12, and mouse12. Also, when I'm connected to the internet, I get random websites that launch ie. I do also get popups, but the initial page doesn't seem to be a popup, although I could be wrong.
When I try to access the wu site, I get error 8024D00C. I've done everything suggested, (including calling a personal friend who is a TAM for Microsoft, so I had access to all internal KB hints as well) and nothing seems to help. I'm very comfortable moving around in regedit or command line. I worked on it last night until about 1:30AM and intended to run HJT, but forgot, so I know that'll be the first thing I do after work.
When I go to windowsupdate.com, the page explaining about activex appears while it looks for the installer code on the machine. Then, it kicks out the error code. When I look at the WindowUpdate.log file, I see that it was trying to write files to the CatRoot2 directory. The files were edb.tmp, tmpedb.log, and edb.log. I might have the tmp and edb switched around, but I can verify that if it's necessary. Also, at one point (before I knew there were so many viruses), I had started dowloading SP2 and other updates. I was surprised that wu would let me dowload sp2 at the same time as others, but it was. It got to about 79% complete and then just stopped.
Can anyone give me any advice on getting rid of the keyboard12, mice12, and newname12 files? How can I be sure all associated files are gone? Then, any suggestions on how to get wu to start working?
Thanks so much!
Julie
0
Comments
Download BFU.zip -> http://www.merijn.org/files/bfu.zip
Unzip it to folder C:\BFU
Download this removal script (click with your rigth mousebutton, save target as) -> http://metallica.geekstogo.com/alcanshorty.bfu
And save it to the same folder than where BFU was installed earlier (c:\BFU).
Reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
-> Run BFU by doubleclicking BFU.exe
-> Type or copy/paste this to the "Scriptline to execute" -field: C:\BFU\alcanshorty.bfu
-> Click Execute and let it do its work (You should see a progressbar if you did this right)
-> Wait for the "Complete script execution" box and click OK.
-> Click Exit in order to quit BFU.
Reboot Computer.
Please Send a Hijackthis Logfile.
Let me know........and thanks!
Logfile of HijackThis v1.99.1
Scan saved at 6:45:54 PM, on 5/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink
TotalAccess\PnEL.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
(file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146464681734
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal
Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc -
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Outpost Firewall http://www.agnitum.com/products/outp...e/download.php
==
Please go Go to Control Panel -> Add or remove programs -> Remove This Program:
WebHancer Survey Companion
Please download Ewido Anti Malware it is a free version of the program -> http://www.ewido.net/en/download/
Install it and update.
==
Then, Reboot your computer in SafeMode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Open Ewido
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
==
Now Open Hijackthis And Put Checkmarks On these Entries:
R3 - URLSearchHook: (no name) - ~20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname12.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard12.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
And click Fix Checked.
Delete These If Found:
C:\Program Files\==>WebHancer<==
C:\WINDOWS\==>pop06ap2.exe<==
C:\windows\==>newname12.exe<==
C:\windows\==>keyboard12.exe<==
==
Reboot To Normal Mode.
Update your Java:
1. Click Start-> Control panel and double-click Java icon (coffee cup)
2. Move to Update tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
4. After restart go back to your Java settings thru control panel (Start->control panel->java).
5. Select Temporary Internet Files and click Delete Files.
6. Make sure that all these three are checked:
Downloaded Applets
Downloaded Applications
Other files
7. Click ok in Delete Temporary Internet Files window (Attention: This removes all loaded applications and applets from cache)
8. Click ok to close Java window.
Send a Fresh HJT-Log + Ewido Report
I've looked for webhancer to delete. It is not in the add/remove programs. If I'm remembering correctly, I couldn't find the program folder to delete or attempt an uninstall. The keyboard12, newname12, and pop06ap2 I couldn't find either.
So, I'll do the things you suggest and post the logfiles. In the meantime, any other suggestions on how to get rid of webhancer?
Oh, BTW, now that I have my hands on Mom's computer, I've installed Spam protection, virus protection, adware protection, and firewall protection. I'm tempted to tell her the Internet is now off limits! But since, it's Mom, we all know how far I'll get with that one!
Thanks so much!!
Julie
I'm eagerly awaiting any enlightenment! In the meantime, it's off to shoot some pool and have some adult liquid beverages.
HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:57:50 AM, on 5/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
Ewido
First scan
ewido anti-malware - Scan report
+ Created on: 9:40:02 AM, 5/3/2006
+ Report-Checksum: A44AC11C
+ Scan result:
HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Adware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Adware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup
HKU\.DEFAULT\Software\Toolbar -> Adware.WebSearch : Cleaned with backup
HKU\S-1-5-21-184046527-140369244-2207689429-1007\Software\dsktb -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-184046527-140369244-2207689429-1007\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\Toolbar -> Adware.WebSearch : Cleaned with backup
C:\Documents and Settings\FB\Application Data\Earthlink\6.0\fb@earthlink.net\Cookies\fb@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\FB\Cookies\fb@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ib1s.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ON0i.dll/bi.dll -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ON0i.dll/biprep.exe -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ON0i.dll/bi.dll -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ON0i.dll/biprep.exe -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\W2020Setup.dll -> Adware.BargainBuddy : Cleaned with backup
::Report End
Second scan
ewido anti-malware - Scan report
+ Created on: 10:48:26 AM, 5/3/2006
+ Report-Checksum: 578320F3
+ Scan result:
C:\Documents and Settings\FB\Cookies\fb@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\FB\Cookies\fb@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
::Report End
Third scan
ewido anti-malware - Scan report
+ Created on: 11:57:28 AM, 5/3/2006
+ Report-Checksum: A93A2D3C
+ Scan result:
C:\Documents and Settings\FB\Cookies\fb@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
::Report End
Go To Windows Update --> http://windowsupdate.microsoft.com/
Additionally, the when I click on Properties for the Start Menu and choose Classic, then apply and OK, then click on "Start", nothing popsup. I then click properties again and change back to the default one, then click on "Start" the first menu shows up, but "All Programs" does not cascade.
What is the "bintheredunthat" folder for? Is it virus, or associated with BFU?