
Pop Ups Everywhere, New Internet Connection In Control Panel


3 replies to this topic

#1 shannon mary

shannon mary

  • Members
  • 14 posts

Posted 24 August 2007 - 08:07 PM

Hi,
My computer is randomly opening ads in Internet Explorer. When I go to Task manager, I keep closing processes that I know are causing the problem, and then I run Ad Aware. AA finds problems, and removes them, but they keep coming back. Also, I can hear my computer processing something and when I go to Internet Options > Connections, I have a new Dial Up connection which should not be there, so I delete it. It keeps coming back, and usually says something like 'Internet Connection (2)'. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:35 PM, on 8/24/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1154268868\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MCROSO~1.NET\taskmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\winmds.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\?ymantec\s?anregw.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {336E6DFC-8066-FC9E-1A11-FB8DB95180B7} - C:\WINDOWS\system32\lbvzxweh.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: 0 - {6CA0F58E-71E1-4C96-B38F-AE087FD0B9A3} - C:\Program Files\Windows Media Player\lacusygaw13.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx
O2 - BHO: (no name) - {e4bb44ca-6b9b-4be1-b398-dca6433204ad} - (no file)
O2 - BHO: (no name) - {EA948D58-649C-1537-EC5E-4F76161D03B8} - C:\WINDOWS\system32\bqh.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154268868\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [hoxyp] C:\Program Files\Common Files\hoxyp22011.exe
O4 - HKLM\..\Run: [{B5-55-51-17-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Mcoo] "C:\PROGRA~1\MCROSO~1.NET\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [Lgq] "C:\Program Files\?icrosoft.NET\?xplorer.exe"
O4 - HKCU\..\Run: [Ucbzla] "C:\Program Files\?ymantec\s?anregw.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonma...ameLauncher.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dianctr - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 25 August 2007 - 09:09 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum shannon mary :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

First of all you've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/


I also don't see any signs of a firewall, which as above is another top priority.
You should download/install one of the following freeware firewalls from below:

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

You may want to read the following.
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 shannon mary

shannon mary
  • Topic Starter

  • Members
  • 14 posts

Posted 28 August 2007 - 08:00 PM

ComboFix 07-08-29.2 - "Administrator" 08/28/2007 20:22:09.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.82 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1\WinAntiSpyware 2006
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Outerinfo
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\Program Files\Common Files\hoxyp22011.exe
C:\Program Files\mcroso~1.net
C:\Program Files\mcroso~1.net\M?crosoft.NET\
C:\Program Files\mcroso~1.net\taskmgr.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Windows Media Player\lacusygaw.dll
C:\Program Files\Windows Media Player\lacusygaw13.dll
C:\Program Files\Windows Media Player\lacusygaw140.dll
C:\Program Files\Windows Media Player\lacusygaw28.dll
C:\Program Files\Windows Media Player\lacusygaw562.dll
C:\Program Files\Windows Media Player\lacusygaw726.dll
C:\Program Files\Windows Media Player\lacusygaw824.dll
C:\Program Files\Windows Media Player\lacusygaw885.dll
C:\Program Files\Windows Media Player\lacusygaw960.dll
C:\Program Files\ymante~1
C:\Program Files\ymante~1\s?anregw.exe
C:\temp\0c2
C:\temp\0c2\tmpRC.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\avp.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\new_drv.sys
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\stem~1
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\bqh.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\wapiicomsv.exe
C:\WINDOWS\system32\X1
C:\WINDOWS\t\
C:\WINDOWS\tk58.exe
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\wozbjomA.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\ymbols~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\new_drv


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-29 )))))))))))))))))))))))))))))))


2007-08-28 20:35 16,384 --a----t- C:\WINDOWS\system32\Perflib_Perfdata_28c.dat
2007-08-28 18:39 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-28 18:32 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-28 18:32 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-28 18:32 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-28 18:32 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-28 18:32 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-28 18:32 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-28 18:31 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-28 18:31 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-28 16:57 71,526 --a------ C:\Program Files\setup.exe
2007-08-27 19:31 1,904 --a------ C:\WINDOWS\mqcp.exe
2007-08-14 01:37 15,950 --a------ C:\WINDOWS\system32\winmds.exe
2007-08-13 22:55 <DIR> d-------- C:\WINDOWS\system32\checkdll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-28 16:56 --------- d-a------ C:\Program Files\InterPokerTV
07-08-21 22:54 --------- d-------- C:\Program Files\PokerStars
07-08-21 13:51 --------- d-a------ C:\Program Files\Morpheus
07-08-21 12:59 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Spybot - Search & Destroy
07-08-21 01:39 --------- d-------- C:\Program Files\InterPoker
07-08-07 16:30 163840 --a------ C:\Program Files\Common Files\hoxyp22011.ex_
07-07-19 19:03 8563 --a------ C:\dnsbak.reg
07-07-16 19:27 1764 --a------ C:\WINDOWS\system32\tmp.reg
07-07-15 21:58 --------- d-a------ C:\Program Files\QuickTime
07-07-14 21:55 --------- d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\NetMon
07-07-06 01:26 --------- d-a------ C:\Program Files\America Online 9.0
07-07-06 01:23 --------- d-a------ C:\Program Files\TuneUp Utilities 2006
07-07-06 00:14 --------- d-a------ C:\Program Files\Yahoo SiteBuilder
07-07-06 00:08 --------- d-------- C:\Program Files\Dream Doll Designer
07-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
06-12-04 19:04 271 ---h----- C:\Program Files\desktop.ini
06-12-04 19:04 21952 ---h----- C:\Program Files\folder.htt
06-12-02 21:05 2522 --a------ C:\Program Files\func.js
06-11-25 03:57 482 --a------ C:\Program Files\Del.js
06-06-08 03:02 2048 --a------ C:\Program Files\func.exe
02-07-31 12:00 32528 --a------ C:\WINDOWS\inf\wbfirdma.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336E6DFC-8066-FC9E-1A11-FB8DB95180B7}]
C:\WINDOWS\system32\lbvzxweh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4bb44ca-6b9b-4be1-b398-dca6433204ad}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINDOWS\system32\mobsync.exe]
"Motive SmartBridge"="C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" [06-06-23 12:33 ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [06-01-20 18:46 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-10-25 19:58 ]
"HostManager"="C:\Program Files\Common Files\AOL\1154268868\ee\AOLSoftware.exe" [06-09-25 20:52 ]
"{B5-55-51-17-ZN}"="C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe" [07-08-13 22:54 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-07-27 18:03 ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06-08-23 23:38 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINDOWS\system32\CTFMON.EXE]
"Mcoo"="C:\PROGRA~1\MCROSO~1.NET\taskmgr.exe" []
"Lgq"="C:\Program Files\?icrosoft.NET\?xplorer.exe" []
"Ucbzla"="C:\Program Files\?ymantec\s?anregw.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Microsoft Help System"=muamgr.exe

C:\DOCUME~1\ADMINI~1.SHA\STARTM~1\Programs\Startup\
TrueSwitch Wizard Verizon Yahoo.lnk - C:\Program Files\TrueSwitchVerizon\TrueInstall.exe [2006-08-14 23:09:46]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
TA_Start.lnk - C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe [2007-08-13 22:54:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"BzoGwJiDv"= {FC0B5518-56A1-FFB2-8C05-FDB0C79BAD5E} - C:\WINDOWS\system32\fy.dll [06-08-27 17:39 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dianctr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Synchronization Manager"=mobsync.exe /logon
"iRiver Updater"=C:\Updater.exe

R0 IFP700;iriver Internet Audio Player IFP-700;C:\WINDOWS\system32\drivers\ifp700.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R1 DCCAM;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 aswMon;avast! Standard Shield Support;C:\WINDOWS\system32\drivers\aswMon.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R3 3cisaadi;3Com Windows Modem Driver ISA ADI;C:\WINDOWS\system32\DRIVERS\3cisaadi.sys
R3 banshee;banshee;C:\WINDOWS\system32\DRIVERS\banshee.sys
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S3 USB_RNDIS_2K;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023k.sys

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
*Newly Created Service* - SRESCAN
*Newly Created Service* - VSMON

Contents of the 'Scheduled Tasks' folder
2007-08-18 01:00:36 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-17 21:13:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-28 04:03:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-21 13:01:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-21 14:01:01 C:\WINDOWS\Tasks\At11.job
2007-08-25 15:02:08 C:\WINDOWS\Tasks\At12.job
2007-08-26 16:01:00 C:\WINDOWS\Tasks\At13.job
2007-08-26 17:01:00 C:\WINDOWS\Tasks\At14.job
2007-08-26 18:01:00 C:\WINDOWS\Tasks\At15.job
2007-08-26 19:01:00 C:\WINDOWS\Tasks\At16.job
2007-08-26 20:01:00 C:\WINDOWS\Tasks\At17.job
2007-08-28 21:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-28 22:00:01 C:\WINDOWS\Tasks\At19.job
2007-08-28 05:03:00 C:\WINDOWS\Tasks\At2.job
2007-08-28 23:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-29 00:00:02 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-28 01:03:00 C:\WINDOWS\Tasks\At22.job
2007-08-28 02:03:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-28 03:03:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-28 20:54:02 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\winmds.exe
2007-08-28 20:54:05 C:\WINDOWS\Tasks\At26.job
2007-08-28 20:54:05 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe
2007-08-27 20:26:42 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\winmds.exe
2007-08-27 20:26:42 C:\WINDOWS\Tasks\At29.job
2007-08-28 06:03:01 C:\WINDOWS\Tasks\At3.job
2007-08-27 20:26:42 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe
2007-08-27 20:26:42 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe
2007-08-21 16:04:57 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\winmds.exe
2007-08-21 16:04:57 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe
2007-08-21 16:04:57 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\winmds.exe
2007-08-21 16:04:57 C:\WINDOWS\Tasks\At35.job
2007-08-25 23:46:17 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe
2007-08-27 00:49:20 C:\WINDOWS\Tasks\At37.job
2007-08-27 00:49:25 C:\WINDOWS\Tasks\At38.job
2007-08-27 00:49:25 C:\WINDOWS\Tasks\At39.job
2007-08-27 07:01:01 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-27 00:49:25 C:\WINDOWS\Tasks\At40.job
2007-08-27 00:49:25 C:\WINDOWS\Tasks\At41.job
2007-08-29 00:34:59 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\winmds.exe
2007-08-29 00:35:02 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\winmds.exe
2007-08-29 00:35:02 C:\WINDOWS\Tasks\At44.job
2007-08-29 00:35:02 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe
2007-08-28 20:54:05 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\winmds.exe
2007-08-28 20:54:05 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe
2007-08-28 20:54:05 C:\WINDOWS\Tasks\At48.job
2007-08-27 08:01:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-27 09:01:01 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-27 10:03:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-21 11:01:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-21 12:01:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\17Xt08kF.exe
2007-08-29 00:38:14 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-28 20:36:32
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-28 20:43:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-28 20:42

--- E O F ---
_________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 9:06:53 PM, on 8/28/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1154268868\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\winmds.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {336E6DFC-8066-FC9E-1A11-FB8DB95180B7} - C:\WINDOWS\system32\lbvzxweh.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx
O2 - BHO: (no name) - {e4bb44ca-6b9b-4be1-b398-dca6433204ad} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154268868\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [{B5-55-51-17-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Mcoo] "C:\PROGRA~1\MCROSO~1.NET\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [Lgq] "C:\Program Files\?icrosoft.NET\?xplorer.exe"
O4 - HKCU\..\Run: [Ucbzla] "C:\Program Files\?ymantec\s?anregw.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonma...ameLauncher.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dianctr - C:\WINDOWS\
O21 - SSODL: BzoGwJiDv - {FC0B5518-56A1-FFB2-8C05-FDB0C79BAD5E} - C:\WINDOWS\system32\fy.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 RichieUK

Posted 29 August 2007 - 05:07 AM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\mqcp.exe
C:\WINDOWS\system32\fy.dll
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\17Xt08kF.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it on your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Download SmitfraudFix (by S!Ri) to your desktop.
Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt
Post the Smitfraudfix report into your next reply.


Copy and paste the following blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {336E6DFC-8066-FC9E-1A11-FB8DB95180B7} - C:\WINDOWS\system32\lbvzxweh.dll (file missing)
O2 - BHO: (no name) - {e4bb44ca-6b9b-4be1-b398-dca6433204ad} - (no file)
O4 - HKLM\..\Run: [{B5-55-51-17-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKCU\..\Run: [Mcoo] "C:\PROGRA~1\MCROSO~1.NET\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [Lgq] "C:\Program Files\?icrosoft.NET\?xplorer.exe"
O4 - HKCU\..\Run: [Ucbzla] "C:\Program Files\?ymantec\s?anregw.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dianctr - C:\WINDOWS\

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, and let me know how your pc is running now.
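
The entries marked for fixing in the post above share traits that can be checked mechanically: a BHO whose file is gone, an autostart running from a Temp folder, '?' placeholders in a path, a system binary name outside the Windows folder, and a Winlogon Notify target that is not a DLL. The Python example below is added here and is not part of the original post or of HijackThis; its rules and the SYSTEM_NAMES list are assumptions drawn from the log lines on this page, and a hit means "review this entry", not "malicious".

```python
import re

# Constructed sample: entries copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {336E6DFC-8066-FC9E-1A11-FB8DB95180B7} - C:\WINDOWS\system32\lbvzxweh.dll (file missing)
O4 - HKLM\..\Run: [{B5-55-51-17-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKCU\..\Run: [Mcoo] "C:\PROGRA~1\MCROSO~1.NET\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [Lgq] "C:\Program Files\?icrosoft.NET\?xplorer.exe"
O20 - Winlogon Notify: dianctr - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                      # "O4 - <details>"
EXE = re.compile(r'([A-Za-z]:\\(?:[^\\"]+\\)*)([^\\"]+?\.exe)', re.I)  # folder, file name
SYSTEM_NAMES = {"taskmgr.exe", "explorer.exe", "svchost.exe", "winlogon.exe"}  # assumed list

def triage(line):
    """Return the reasons (possibly none) an entry deserves manual review."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    section, rest = m.groups()
    reasons = []
    if section == "O2" and re.search(r"\((file missing|no file)\)", rest):
        reasons.append("BHO registered but its file is gone")
    if section == "O20" and rest.startswith("Winlogon Notify") and not rest.lower().endswith(".dll"):
        reasons.append("Winlogon Notify target is not a DLL")
    exe = EXE.search(rest)
    if exe:
        folder, name = exe.group(1).lower(), exe.group(2).lower()
        if section == "O4" and "\\temp\\" in folder:
            reasons.append("autostart runs from a Temp folder")
        if "?" in folder + name:
            reasons.append("'?' placeholder character in path")
        if name in SYSTEM_NAMES and not folder.startswith("c:\\windows\\"):
            reasons.append("system binary name outside the Windows folder")
    return reasons

def review(log):
    """Map each flagged log line to its reasons; clean lines are omitted."""
    return {ln: r for ln in log.splitlines() if (r := triage(ln))}

if __name__ == "__main__":
    for entry, why in review(SAMPLE_LOG).items():
        print("; ".join(why), "<-", entry)
```

The missing-file rule is limited to O2 entries because the avast! O23 services in the same log also show "(file missing)" and were not on the fix list.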
