Desktop Hijacker [RESOLVED]



#16
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok let's start...

First,

Restart your computer and as soon as it starts booting up again continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

AVG 8.0

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\AVG

Once done, Reboot computer to Normal Mode.

Next,

Open Notepad.
Copy and paste the text in the code box below.
Type filename as fix.bat then Set Filetype to "all files"
Save to your Desktop then click Save.

dir c:\windows\system32\Swc05.sys /a /s >> look.txt
dir c:\windows\system32\Winhm37.sys /a /s >> look.txt
dir c:\windows\system32\Winyf62.sys /a /s >> look.txt & notepad look.txt


Double click on fix.bat.
Once done, Notepad will open. Paste the contents.

Then,

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\esrt.exe
C:\iwfgofxx.exe
C:\wupdate.exe
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\ijisanrs.dll
C:\WINDOWS\system32\ijisanrs.dll
D:\INTERNET.EXE

Folder::
C:\10mo-file

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3cbb5c88]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swc05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyf62.sys]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\INTERNET.EXE"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Please post back with
- Combofix log
- Fix.bat log
- New HijackThis log

Edited by koko_crunch, 17 June 2008 - 01:46 PM.

  • 0



#17
djtexxxas


    Member

  • Topic Starter
  • Member
  • 15 posts
Sorry I was busy lately.

Look.txt

Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27



ComboFix.txt I waited 15 min and it froze on "Don't run any programs until combofix finishes."

ComboFix 08-06-15.4 - Polak 2008-06-25 17:23:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.207 [GMT -4:00]
Running from: C:\Documents and Settings\Polak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Polak\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\iwfgofxx.exe
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\esrt.exe
C:\WINDOWS\system32\ijisanrs.dll
C:\WINDOWS\system32\prsgrc.dll
C:\wupdate.exe
D:\INTERNET.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10mo-file\
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 17:12 . 2008-06-25 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-21 21:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-21 21:28 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-21 21:11 . 2008-06-21 21:11 <DIR> d-------- C:\Documents and Settings\Polak\PARTYPokerDir
2008-06-19 00:42 . 2008-06-19 01:05 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-06-16 23:03 . 2008-06-16 23:03 <DIR> d-------- C:\Deckard
2008-06-16 14:51 . 2008-06-16 14:51 <DIR> d-------- C:\VundoFix Backups
2008-06-16 14:20 . 2008-06-16 14:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 02:25 . 2008-06-25 17:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 02:25 . 2008-06-15 02:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-12 01:09 . 2008-06-12 01:09 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\Apple Computer
2008-06-11 01:22 . 2008-06-11 01:22 95 --a------ C:\WINDOWS\wininit.ini
2008-06-10 00:14 . 2008-06-10 00:14 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\Malwarebytes
2008-06-10 00:06 . 2008-06-16 14:42 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\TmpRecentIcons
2008-06-10 00:02 . 2008-06-10 00:02 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\SUPERAntiSpyware.com
2008-06-09 23:36 . 2008-06-09 23:36 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\Talkback
2008-06-09 23:34 . 2008-06-09 23:34 <DIR> d-------- C:\Documents and Settings\Yezzir\Contacts
2008-06-09 23:31 . 2008-06-09 23:31 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\ATI
2008-06-09 23:30 . 2008-06-25 17:11 <DIR> d-------- C:\Documents and Settings\Yezzir
2008-06-09 22:24 . 2008-06-09 22:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-09 22:19 . 2008-06-09 23:11 <DIR> d-------- C:\SDFix
2008-06-09 22:04 . 2008-06-09 22:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 21:59 . 2008-06-09 21:59 <DIR> d-------- C:\Program Files\Panda Security
2008-06-09 21:42 . 2008-06-16 19:17 2,154 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 21:36 . 2008-06-09 21:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:36 . 2008-06-09 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 21:21 . 2004-08-03 21:07 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2008-06-09 20:51 . 2008-06-09 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-09 20:49 . 2008-06-09 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-09 20:19 . 2008-06-09 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-09 20:14 . 2008-06-09 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-09 20:10 . 2008-06-11 02:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\Documents and Settings\Polak\Application Data\SUPERAntiSpyware.com
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 18:31 . 2008-06-09 18:31 <DIR> d-------- C:\Documents and Settings\Polak\Application Data\Malwarebytes
2008-06-09 18:30 . 2008-06-16 14:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 18:30 . 2008-06-09 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 18:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 18:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 19:13 . 2008-05-31 19:13 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 19:02 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-06-25 18:44 --------- d-----w C:\Program Files\mIRC
2008-06-25 18:38 --------- d-----w C:\Program Files\MagicISO
2008-06-23 04:29 --------- d-----w C:\Program Files\Steam
2008-06-22 01:12 --------- d-----w C:\Program Files\PartyGaming
2008-06-22 00:42 --------- d-----w C:\Documents and Settings\Polak\Application Data\HLSW
2008-06-19 04:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 23:52 --------- d-----w C:\Documents and Settings\Polak\Application Data\uTorrent
2008-06-09 23:19 --------- d-----w C:\Program Files\Text to Speech Maker
2008-06-09 23:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-09 23:16 --------- d-----w C:\Program Files\Prison Tycoon 3 Lock Down
2008-06-09 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-09 23:06 --------- d-----w C:\Program Files\Magic iPod Video Converter
2008-06-09 23:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-09 22:59 --------- d-----w C:\Program Files\VSTplugins
2008-06-09 22:59 --------- d-----w C:\Program Files\Image-Line
2008-06-09 22:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 06:06 --------- d-----w C:\Documents and Settings\Polak\Application Data\DMCache
2008-05-21 04:49 --------- d-----w C:\Program Files\Outsim
2008-05-12 03:44 319 ----a-w C:\drmHeader.bin
2008-05-11 00:17 --------- d-----w C:\Program Files\uTorrent
2008-04-30 22:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-30 01:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-28 06:38 --------- d-----w C:\Documents and Settings\Polak\Application Data\vlc
2008-04-28 06:37 --------- d-----w C:\Program Files\VideoLAN
2008-04-25 23:43 --------- d-----w C:\Documents and Settings\Polak\Application Data\LimeWire
2008-04-25 21:02 --------- d-----w C:\Program Files\Windows Mobile Device Handbook
2008-04-20 05:14 94,208 ----a-w C:\WINDOWS\DUMPbb12.tmp
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-01-22 17:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-09-28 01:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.




HijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43, on 2008-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198219476937
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7166 bytes


Thanks
  • 0
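Added example, not part of the original thread: a small Python reader for the ComboFix.txt and look.txt output pasted in post #17, showing which requested files ComboFix actually reported removing and whether the `dir` search recorded any match. It assumes that the FILE :: block echoes the CFScript request and that "Other Deletions" lists what was removed, and that `dir` sends "File Not Found" to stderr so a redirected file holding only volume headers means no hit; the function names and the positive `dir` sample are constructed for illustration.

```python
import re

# Excerpt of the ComboFix log from post #17 (trimmed to the sections read below).
COMBOFIX_LOG = r"""ComboFix 08-06-15.4 - Polak 2008-06-25 17:23:21.3 - NTFSx86
Command switches used :: C:\Documents and Settings\Polak\Desktop\CFScript.txt

FILE ::
C:\iwfgofxx.exe
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\esrt.exe
C:\WINDOWS\system32\ijisanrs.dll
C:\WINDOWS\system32\prsgrc.dll
C:\wupdate.exe
D:\INTERNET.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\10mo-file\
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
"""

# look.txt exactly as posted: three volume headers, nothing else.
LOOK_TXT = """Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
"""

# Constructed sample of what a successful `dir /s` match looks like.
CONSTRUCTED_HIT = r""" Volume in drive C has no label.
 Volume Serial Number is 3CBB-5C27

 Directory of c:\windows\system32\drivers

06/09/2008  06:30 PM            15,864 example.sys
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # (((( Section name ))))
SCRIPT_BLOCK = re.compile(r"^(FILE|FOLDER|REGISTRY)\s*::$", re.I)
PATH = re.compile(r"^[A-Za-z]:\\")                      # line starting with a drive path


def parse_sections(log):
    """Group path lines of a ComboFix log under the section heading above them."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        banner, block = BANNER.match(line), SCRIPT_BLOCK.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif block:
            current = block.group(1).upper()
            sections.setdefault(current, [])
        elif current is not None and PATH.match(line):
            sections[current].append(line)
    return sections


def _norm(path):
    # Windows paths are case-insensitive; folders are logged with a trailing "\".
    return path.rstrip("\\").lower()


def requested_but_not_deleted(log):
    """Files named in FILE :: that do not appear under Other Deletions."""
    sections = parse_sections(log)
    deleted = {_norm(p) for p in sections.get("Other Deletions", [])}
    return [p for p in sections.get("FILE", []) if _norm(p) not in deleted]


def dir_hits(text):
    """Directories in which a redirected `dir /s` run reported a match."""
    return [m.group(1).strip()
            for m in re.finditer(r"^\s*Directory of (.+)$", text, re.M)]


if __name__ == "__main__":
    print("Requested but not reported deleted:")
    for path in requested_but_not_deleted(COMBOFIX_LOG):
        print("  ", path)
    print("dir matches in look.txt:", dir_hits(LOOK_TXT) or "none recorded")
```

An empty result from `dir_hits` does not prove the drivers are absent, only that the redirected output recorded no match; the SafeBoot registry entries named in the CFScript still need checking separately.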

#18
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
We still need to look for these files.

Open Notepad.
Copy and paste the text in the code box below.
Type filename as seek.bat then Set Filetype to "all files"
Save to your Desktop then click Save.

dir c:\Swc05.sys /s >> result.txt
dir c:\Winhm37.sys /s >> result.txt
dir c:\Winyf62.sys /s >> result.txt & notepad result.txt

Double-click on seek.bat.
Notepad will open with the results of the query.
Post the content in your next reply.

Edited by koko_crunch, 25 June 2008 - 08:17 PM.

  • 0

#19
djtexxxas


    Member

  • Topic Starter
  • Member
  • 15 posts
Results.txt

Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27
Volume in drive C has no label.
Volume Serial Number is 3CBB-5C27


Same thing..
  • 0

#20
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
First, let's remove AVG antivirus.

Use this tool.

Download Windows Installer Cleanup Utility then save it to your desktop.

  • Double-click on msicuu2.exe to install the Utility.
  • Just click on Next then Finish once done.

To Use:
Click on Start >> Programs >> Windows Install CleanUp


Next,

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\DUMPbb12.tmp
C:\windows\system32\Swc05.sys
C:\windows\system32\drivers\Swc05.sys
C:\windows\system32\drivers\Winhm37.sys
C:\windows\system32\Winhm37.sys
C:\windows\system32\Winyf62.sys
C:\windows\system32\drivers\Winyf62.sys

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swc05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyf62.sys]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • New HijackThis log.

Edited by koko_crunch, 26 June 2008 - 12:12 AM.

  • 0

#21
djtexxxas


    Member

  • Topic Starter
  • Member
  • 15 posts
Combofix


ComboFix 08-06-15.4 - Polak 2008-06-26 2:22:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.205 [GMT -4:00]
Running from: C:\Documents and Settings\Polak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Polak\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DUMPbb12.tmp
C:\windows\system32\drivers\Swc05.sys
C:\windows\system32\drivers\Winhm37.sys
C:\windows\system32\drivers\Winyf62.sys
C:\windows\system32\Swc05.sys
C:\windows\system32\Winhm37.sys
C:\windows\system32\Winyf62.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\DUMPbb12.tmp
.
---- Previous Run -------
.
C:\10mo-file\
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 02:15 . 2008-06-26 02:15 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-26 02:14 . 2008-06-26 02:14 <DIR> d-------- C:\Program Files\MSECACHE
2008-06-26 01:32 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 01:29 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-26 01:12 . 2008-06-26 01:12 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-26 01:12 . 2008-06-26 01:12 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-26 01:12 . 2008-06-26 01:12 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-26 01:12 . 2008-06-26 01:12 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-26 01:09 . 2008-06-26 01:13 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-26 00:42 . 2004-08-03 22:29 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-06-26 00:17 . 2008-06-26 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-25 17:12 . 2008-06-25 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-21 21:28 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-21 21:11 . 2008-06-21 21:11 <DIR> d-------- C:\Documents and Settings\Polak\PARTYPokerDir
2008-06-19 00:42 . 2008-06-26 01:55 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-06-16 23:03 . 2008-06-16 23:03 <DIR> d-------- C:\Deckard
2008-06-16 14:51 . 2008-06-16 14:51 <DIR> d-------- C:\VundoFix Backups
2008-06-16 14:20 . 2008-06-16 14:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 02:25 . 2008-06-26 02:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 02:25 . 2008-06-15 02:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-12 01:09 . 2008-06-12 01:09 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\Apple Computer
2008-06-11 01:22 . 2008-06-11 01:22 95 --a------ C:\WINDOWS\wininit.ini
2008-06-10 00:14 . 2008-06-10 00:14 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\Malwarebytes
2008-06-10 00:06 . 2008-06-16 14:42 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\TmpRecentIcons
2008-06-10 00:02 . 2008-06-10 00:02 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\SUPERAntiSpyware.com
2008-06-09 23:36 . 2008-06-09 23:36 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\Talkback
2008-06-09 23:34 . 2008-06-09 23:34 <DIR> d-------- C:\Documents and Settings\Yezzir\Contacts
2008-06-09 23:31 . 2008-06-09 23:31 <DIR> d-------- C:\Documents and Settings\Yezzir\Application Data\ATI
2008-06-09 23:30 . 2008-06-25 17:11 <DIR> d-------- C:\Documents and Settings\Yezzir
2008-06-09 22:24 . 2008-06-09 22:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-09 22:19 . 2008-06-09 23:11 <DIR> d-------- C:\SDFix
2008-06-09 22:04 . 2008-06-09 22:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 21:59 . 2008-06-26 01:55 <DIR> d-------- C:\Program Files\Panda Security
2008-06-09 21:42 . 2008-06-16 19:17 2,154 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 21:36 . 2008-06-09 21:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-09 21:36 . 2008-06-09 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 21:21 . 2008-04-13 20:11 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2008-06-09 20:51 . 2008-06-09 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-09 20:49 . 2008-06-09 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-09 20:19 . 2008-06-09 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-09 20:14 . 2008-06-09 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-09 20:10 . 2008-06-26 02:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\Documents and Settings\Polak\Application Data\SUPERAntiSpyware.com
2008-06-09 18:46 . 2008-06-09 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 18:31 . 2008-06-09 18:31 <DIR> d-------- C:\Documents and Settings\Polak\Application Data\Malwarebytes
2008-06-09 18:30 . 2008-06-16 14:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 18:30 . 2008-06-09 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 18:30 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 18:30 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 19:13 . 2008-06-26 01:31 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 05:56 --------- d-----w C:\Program Files\PartyGaming
2008-06-26 05:55 --------- d-----w C:\Program Files\mIRC
2008-06-26 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-25 21:52 --------- d-----w C:\Program Files\Steam
2008-06-25 19:02 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-06-25 18:38 --------- d-----w C:\Program Files\MagicISO
2008-06-22 00:42 --------- d-----w C:\Documents and Settings\Polak\Application Data\HLSW
2008-06-19 04:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 23:52 --------- d-----w C:\Documents and Settings\Polak\Application Data\uTorrent
2008-06-09 23:19 --------- d-----w C:\Program Files\Text to Speech Maker
2008-06-09 23:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-09 23:16 --------- d-----w C:\Program Files\Prison Tycoon 3 Lock Down
2008-06-09 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-09 23:06 --------- d-----w C:\Program Files\Magic iPod Video Converter
2008-06-09 23:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-09 22:59 --------- d-----w C:\Program Files\VSTplugins
2008-06-09 22:59 --------- d-----w C:\Program Files\Image-Line
2008-06-09 22:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 06:06 --------- d-----w C:\Documents and Settings\Polak\Application Data\DMCache
2008-05-21 04:49 --------- d-----w C:\Program Files\Outsim
2008-05-12 03:44 319 ----a-w C:\drmHeader.bin
2008-05-11 00:17 --------- d-----w C:\Program Files\uTorrent
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 22:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-30 01:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-28 06:38 --------- d-----w C:\Documents and Settings\Polak\Application Data\vlc
2008-04-28 06:37 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-01-22 17:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-09-28 01:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.


Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:36, on 2008-06-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198219476937
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7067 bytes

By the way I got IE to work, so I downloaded SP3

Thanks

Edited by djtexxxas, 26 June 2008 - 12:41 AM.


#22
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Yeah, I noticed it. That's good! :)

Just one final scan before we wrap things up?
How's your computer running by the way?
Are there other issues you wish to address?

Next,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then,

Please do an online scan with Kaspersky WebScanner

Temporarily disable your resident Antivirus software before proceeding.

The Welcome Information page will open. Click on Accept.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded, click on Scan
    • Now under that section select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report as button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Enable your Anti-Virus protection once the scan is done.

#23
djtexxxas

    Member

  • Topic Starter
  • Member
  • 15 posts
Well my computer is running much better than when I first posted here :)

The thing is, I have a lot of crap everywhere on my computer, not exactly spyware just a lot of crap. That's why I usually just reformat.
I hate the process but I love the results. Computer runs much faster.

I'm doing the online Kaspersky scan right now.

Any suggestion on how to keep my pc organized and spyware free?

Thanks a lot

#24
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

Any suggestion on how to keep my pc organized and spyware free?


Will give them once you're all clear. :)
I advise you to not do anything while the computer scans for viruses.
Post back when done.

#25
djtexxxas

    Member

  • Topic Starter
  • Member
  • 15 posts
Attached File  scanreport.html   6.5KB   25 downloads

Here it is

#26
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hmmm...

Please run the MGA Diagnostic Tool and post back the report it shall produce:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#27
djtexxxas

    Member

  • Topic Starter
  • Member
  • 15 posts
Thanks for all your help, I'm just going to reformat.

Edited by djtexxxas, 29 June 2008 - 01:20 AM.


#28
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.