Hi people,

i cant work out whats wrong with McAfee at the moment every time i click fix it says " one or more problems require your response"??? then it just goes back this home page telling me action required,can anyone help because it is really annoying

Many thanks

Matty

Attached Files

hijackthis log.txt (8.7 KB, 4 views)

You need to update your virus defination files.

hey norris....you got all sorts of goodies in there.

go to start > run > appwiz.cpl and remove new.net and wildtangent. Then right click start > explore > navigate to program files and delete both of those from that directory.

May want to print this out, as I need you to close all windows, start hjt, click 'perform system scan only', place a tick next to the following, then click 'fix checked':

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe (file missing)
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://securegameloader.com/cont/sc.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00721/sb028.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/w...lockbuster/wti nst.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Do you know this IP address?
O17 - HKLM\System\CCS\Services\Tcpip\..\{B127406F-7FA1-4302-A271-9C5254F9FF46}: NameServer = 62.6.40.178 194.72.0.98 <-- those two

Reboot, and post a new log.

Thanks,

v

hi thanks V,

I have managed to delete new.net but wild tangent isnt on the list??

I have attached the latest HJT log

i dont know that ip address however i wouldnt know even if it was mine to tell the truth ? why do you ask??

Still having probs with mcafee. i clicked update and it says there are no updates ? maybe i need to reinstall it?

Many thanks

Matt

Attached Files

hijackthisnew1.txt (7.5 KB, 1 views)

okay, I want to see if you have something called aurora at work on your machine. Right click start > explore > windows > find 'nail.exe' and delete it. Reboot, go back and see if it's there again. If it is, you've got aurora and we have to radically alter our plans.....

thanks,

v

ok done that and nail.exe is not there anymore.

Im getting another error message now though when rebooting is it something to do with removing new.net??

ive left a screenshot

did you remove new.net from the add/remove applet as I asked? If so, go to start > run > msconfig > startup tab (it's the last one) and untick anything related to new.net. Then reboot; you will get a system configuration warning stating that you have fiddled with the system config (no kidding, thanks for letting me know, MS), tick the box that says 'don't show this at startup' in the lower left hand corner, and you should be good to go.

After you do that, please post another hjt log.

thanks,

v