Spyware Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by gage25, Aug 7, 2006.

  1. gage25

    gage25 Private E-2

    I have followed all of the requirements of the tutorials to get my computer rid of all spyware and I am still having problems.

    I have attached my Hijackthis logfile. Can someone look at it and tell me what I need to do next?
    I have been trying to get rid of this spyware for three weeks and nothing seems to help!


    Thanks!
     

    Attached Files:

    gage25, Aug 7, 2006
    #1
  2. gage25

    gage25 Private E-2

    I am also attaching the GetRunKey and ShowNew txt files, along with the text files from CounterSpy, Bitdefender and Pandascan.
     

    Attached Files:

    gage25, Aug 7, 2006
    #2
  3. gage25

    gage25 Private E-2

    Here is my counterspy and pandascan file.

    Thanks!
     

    Attached Files:

    gage25, Aug 7, 2006
    #3
  4. gage25

    gage25 Private E-2

    Hello out there......

    I thought I would provide a little info on what is happening. I have a problem with several pop-ups that continue to show, even after running through the steps as provided in the READ ME.

    I always seem to get two popups, right behind each other. My Norton Antivirus has stopped working (??) as a result, but I have not seen many other errors besides these annoying popups.

    When Norton was working, it constantly quaranatined a Dialer.Sfonditalia (sp?) virus, but I was never able to clean it.

    I hope I completed the steps in the READ ME correctly.

    Any help is greatly appreciated!

    Thanks in advance!
     
    gage25, Aug 8, 2006
    #4
  5. gage25

    gage25 Private E-2

    Can anyone please help me??

    Desperate to get this fixed!

    Thanks!!:)
     
    gage25, Aug 8, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry for the delay in answering your posts!

    You need to run CounterSpy again and this time make sure you allow it to fix what it finds. You log show that you ignored everything.

    Goto Add/Remove programs and uninstall the below:
    Viewpoint Media Player (Remove Only)

    Be careful with Limewire!!!!! Many versions are bundled with malware.


    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\Documents and Settings\Jason Benefield\Application Data\torafacire\systrvsm.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [oaeiu] C:\Documents and Settings\Jason Benefield\Application Data\torafacire\systrvsm.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O15 - Trusted Zone: www.adslconnection.name
    O15 - Trusted Zone: www.otherchance.com
    O15 - Trusted Zone: www.softlab.name
    O18 - Protocol: bw+0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {47730600-09B3-473F-A394-F62FBB2D28CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Mohssbfi - Intel Corporation - (no file)


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\Jason Benefield\Application Data\torafacire <--- the whole folder
    C:\WINDOWS\syshost.dll

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
    Last edited: Aug 10, 2006
    chaslang, Aug 10, 2006
    #6
  7. gage25

    gage25 Private E-2

    OK. I have completed the tasks as given above. Thank you for the support!

    I ran the CounterSpy program again and fixed everything it said to fix.

    When deleting the files under process manager in HJT, I was unable to locate the file:
    C:\Documents and Settings\Jason Benefield\Application Data\torafacire\systrvsm.exe

    I was able to delete everything else.

    So far, I have not seen anymore of the popups.
    I did, however, see an .exe file named tack.exe in the Applications Data folder, and the filename had an icon that is identical to the icon on one of the popups that normally displayed. I did not delete it because I was unsure.

    I have attached the new HJT logfile and the new CounterSpy log.

    As for Limewire...should I just delete this as a safeguard against any future malware problems?

    Thanks so much for the help!
     

    Attached Files:

    gage25, Aug 10, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Mohssbfi ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    Mohssbfi

    If you receive any error messages just ignore them and continue.

    Now exit HJT and reboot when it tells you it needs to.

    Now attach a new HJT log.

    Also give me the full path to the tack.exe file you mentioned.

    I want to be sure where it is. Based on what you said I would guess it is:
    C:\Documents and Settings\Jason Benefield\Application Data\tack.exe
     
    chaslang, Aug 11, 2006
    #8
  9. gage25

    gage25 Private E-2

    Thanks for the help chaslang.....

    I went into services.msc, but could not find the mohssbfi that you referred to. I went into HJT and did the scan as you instructed, got an error when finding the mohssbfi and then clicked OK and exited.

    I ran the new HJT log file, and it is attached.

    As for the tack.exe file, the proper location is:
    C:\Documents and Settings\Jason Benefield\Application Data\tack.exe

    Thanks!
     

    Attached Files:

    gage25, Aug 21, 2006
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just locate the below file and rename it:

    C:\Documents and Settings\Jason Benefield\Application Data\tack.exe

    Rename it to tack.xxx

    Then reboot your PC and make sure everything is working okay. When you are comfortable that the tack.exe file was not needed (and I doubt it is), then you can just delete the tack.xxx file.

    Also use HijackThis to fix the below line:
    O23 - Service: Mohssbfi - Intel Corporation - (no file)

    Was HijackThis able to fix the line? Check to make sure it does not come back.
     
    chaslang, Aug 21, 2006
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds