Plz Check My Log.


22 replies to this topic

#1 cliver

cliver

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 06 May 2007 - 05:32 PM

A folder called "shared" in my Documents and Settings can't be deleted whatever I do.

If I scan it with AVG it crashes; if I click on the folder I get a Windows Explorer error saying it has a problem. If any program accesses the folder it will crash every time.

I'm guessing it's a virus I got off LimeWire. Since no virus scan I use is able to finish scanning, I don't really know.

Attached Files


#2 cliver


Posted 07 May 2007 - 05:27 AM

Please help.

#3 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 PM

Posted 07 May 2007 - 06:00 AM

Hello and welcome to the forum :thumbsup:

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

#4 cliver


Posted 07 May 2007 - 07:42 AM

Thanks a lot, any help would be great!

#5 cliver


Posted 07 May 2007 - 12:40 PM

Please, please, please help me, if you can!

#6 ourwilly


Posted 07 May 2007 - 01:41 PM

Very Sorry to keep you waiting

Please note I have a 'Fix' ready but this requires a thorough checking before I can post it into the forum.

So please don't worry I haven't forgotten about you,

I will post this to you as soon as I can. Thank you for your understanding.

#7 cliver


Posted 07 May 2007 - 06:44 PM

OK, I downloaded a program called Trojan Remover. One of those 30-day trial deals.

It found some things and removed them. Right after that I could delete the folder, and now my virus scan, spyware scan, defrag and disk cleanup don't crash anymore.

Not sure if the trojan is really gone, but everything seems fine now. The folder is long gone (which I wanted).

#8 ourwilly


Posted 08 May 2007 - 12:00 AM

Hi cliver

You have quite a collection of malware on this system, I'm afraid to say. Are you able to reformat this system at all? If we are to consider the possible damage to the Registry, and that you are having problems with your system, then re-installing will be your best and quickest option.

You will need the original disks that came with this system to do this, and please make sure that you know what to do before beginning the operation.

Here are some links that will help you :
http://www.dslreports.com/faq/10063
http://windowsxp.mvps.org/XPClean.htm
http://theeldergeek.com/xp_home_install_-_graphic.htm

If not, then let's start by copying and pasting this 'Fix' into either Notepad or WordPad for future reference, as you will be required to close down your browser when following these steps.


Step 1

First, please remove all P2P software, as these programs are susceptible to various forms of malware.
Please uninstall using Add/Remove Programs and then right-click on and delete the Peer to Peer folders.


Step 2

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please now reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt


Step 3

Download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zlfky.dll/sp.html#37049
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F24A023-EA78-4A0D-99DF-D348E50783A5}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9B29AF-DB0B-4C96-9E53-8F5E27B6444A}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F668486-1528-4029-BE45-6D534E90D458}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9B79A7B-85CF-4213-9E82-4CE4FDD44E53}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.54 85.255.112.105
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F24A023-EA78-4A0D-99DF-D348E50783A5}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.54 85.255.112.105
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F24A023-EA78-4A0D-99DF-D348E50783A5}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.54 85.255.112.105
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\mfcsh32.exe (file missing)


Click FIX CHECKED. Close HijackThis.


Step 4

Now update AVG Anti-Spyware 7.5:
Click the "Update" icon from the main menu.
Then click the "Start Update" button.
When you receive the "Update successful" prompt, close AVG AS.
Note: If you have any problems with the updater, you can update AVG Anti-Spyware 7.5 manually.
Do not scan with this yet!

Please reboot your system into Safe Mode: shut down your system, then restart your computer.
As soon as it starts booting up again, continuously tap F8, and from the menu select the option to enter Safe Mode.

Click Start | Run and type cleanmgr in the run box
Checkmark these: Temporary Files | Temporary Internet Files | Recycle Bin
Click OK to start the cleanup and wait for it to finish.

Open AVG Anti-Spyware 7.5 and click the "Scanner" icon from the main menu.
Click "Complete System Scan" to start scanning.
When the scan completes, click "Recommended action" beneath the results window and select "Quarantine".
Then click the "Apply all actions" button to quarantine everything detected.
Then click Save report > Save report as and save the Report-Scan.txt to your desktop.

Then Reboot back into Normal Mode


Step 5

Re-Scan with Hijack This and post

1/ The new HijackThis log
2/ The C:\fixwareout\report.txt
3/ The AVG Anti-Spyware 7.5 Report-Scan.txt
4/ The SDFix report

Thank you.
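
As an added example (not part of the original posts, and not HijackThis's own logic), here is a small Python triage pass over HijackThis entries of the kind listed in Step 3 above. The sample lines are copied from this thread; the function names and the three review checks are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis entries quoted in this thread
# (the Step 3 fix list, plus entries from the later log for contrast).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F24A023-EA78-4A0D-99DF-D348E50783A5}: NameServer = 85.255.115.54,85.255.112.105
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.54 85.255.112.105
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(code, body):
    """Structural reasons to look at an entry by hand (illustrative checks).

    These are prompts for a human reviewer, not verdicts: they only use what
    the log line itself says.
    """
    reasons = []
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append("HijackThis found no file behind the entry")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("HijackThis could not read an owner for the service binary")
    if code == "O17" and NAMESERVER_RE.search(body):
        reasons.append("static DNS servers set; compare with ISP/router values")
    return reasons


def triage(text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def dns_server_locations(text):
    """Count how many O17 registry locations name each DNS server.

    The value may be comma- or space-separated, as in the entries above.
    The same servers repeated under several interfaces and control sets
    means the setting was written everywhere, not configured once by hand.
    """
    counts = Counter()
    for code, body in parse_entries(text):
        match = NAMESERVER_RE.search(body) if code == "O17" else None
        if match:
            servers = re.split(r"[,\s]+", match.group(1).strip())
            counts.update(s for s in servers if s)
    return dict(counts)


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    review: {reason}")
    print(dns_server_locations(SAMPLE_LOG))
```

The `ntsf.exe` Run entry is not flagged by any of these checks: nothing in its line is structurally unusual, so entries like it still depend on a helper reading the log.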

#9 cliver


Posted 08 May 2007 - 07:02 AM

Sorry, didn't know how else to post this stuff.




Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Name of App"="C:\\Program Files\\SAMSUNG\\FW LiveUpdate\\Liveupdate.exe"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTXFIREG"="CTxfiReg.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SP2 Connection Patcher"="\"C:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
»»»»» End report »»»»»




SDFix: Version 1.83

Run by Justin Palmer - Tue 05/08/2007 - 6:58:04.48

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
.NET Connection Service

ImagePath:
C:\WINDOWS\svchost.exe

.NET Connection Service - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CRUC.EXE - Deleted
C:\WINDOWS\hib.exe.tmp - Deleted
C:\WINDOWS\rwxavqj.exe.tmp - Deleted
C:\WINDOWS\sbkpgvof.exe.tmp - Deleted
C:\WINDOWS\ypslax.exe.tmp - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\clive532\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\clive532\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Diablo II\\Diablo II.exe"="C:\\Program Files\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Justin Palmer\\My Documents\\nestc042\\NESTCL95.EXE"="C:\\Documents and Settings\\Justin Palmer\\My Documents\\nestc042\\NESTCL95.EXE:*:Enabled:NESTCL95"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\U.S. Robotics\\ControlCenter\\ctrlcntr.exe"="C:\\Program Files\\U.S. Robotics\\ControlCenter\\ctrlcntr.exe:*:Enabled:ctrlcntr"
"C:\\Program Files\\StreamCast\\Morpheus\\Morpheus.exe"="C:\\Program Files\\StreamCast\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\Justin Palmer\\Desktop\\DS2keygen.exe"="C:\\Documents and Settings\\Justin Palmer\\Desktop\\DS2keygen.exe:*:Disabled:DS2keygen"
"C:\\WINDOWS\\system32\\ntsf.exe"="C:\\WINDOWS\\system32\\ntsf.exe:*:Enabled:ntsf"
"C:\\Program Files\\Warez P2P Client\\warez.exe"="C:\\Program Files\\Warez P2P Client\\warez.exe:*:Enabled:warez"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\AGE3.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\AGE3.EXE:*:Enabled:Age of Empires 3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\clive532\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\clive532\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\THQ\\Titan Quest\\Titan Quest_NI.exe"="C:\\Program Files\\THQ\\Titan Quest\\Titan Quest_NI.exe:*:Enabled:Titan Quest_NI"
"C:\\Program Files\\Doom 3\\DOOM3.exe"="C:\\Program Files\\Doom 3\\DOOM3.exe:*:Enabled:Doom 3"
"C:\\Program Files\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"="C:\\Program Files\\THQ\\Titan Quest Immortal Throne\\Tqit.exe:*:Enabled:Tqit"
"C:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe"="C:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe:*:Enabled:Titan Quest"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\THQ\\Titan Quest Immortal Throne\\DotNetLauncher.exe"="C:\\Program Files\\THQ\\Titan Quest Immortal Throne\\DotNetLauncher.exe:*:Enabled:DotNetLauncher"
"C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\d.dll
C:\WINDOWS\iidwj.dll
C:\WINDOWS\ipvm.dll
C:\WINDOWS\iumkb.dll
C:\WINDOWS\jwzrf.dll
C:\WINDOWS\sgdhc.dll
C:\WINDOWS\tjndy.dll
C:\WINDOWS\vabgo.dll
C:\WINDOWS\vdiwi.dll
C:\WINDOWS\system32\addwt32.dll
C:\WINDOWS\system32\kidyq.dll
C:\WINDOWS\system32\wjhip.dll
C:\WINDOWS\system32\wmkrw.dll
C:\WINDOWS\system32\ybbvj.dll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\msbb.exe.temp
C:\WINDOWS\ntis32.exe
C:\WINDOWS\sbkpgvof.exe
C:\WINDOWS\sdkti32.exe
C:\WINDOWS\system32\iejh.exe
C:\WINDOWS\system32\sysey32.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Justin Palmer\Local Settings\Application Data\Microsoft\Media Player\MTVN\Downloads\00EAE30A\BITE0.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0af8ccbf848834c4d945c262a211c5fe\BIT2B.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\141dba2c46ac27fe0d0d6d46ba4dbf07\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d2e5583a5fd4098c4bb26352edaf419b\download\BIT49.tmp

Finished



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:44:29 AM 5/8/2007

+ Scan result:



Nothing found.



::Report end

Attached Files



#10 ourwilly


Posted 09 May 2007 - 09:29 AM

Hi cliver

Copy and paste this 'Fix' into either Notepad or WordPad for future reference, as you will be required to close down your browser when following these steps.

Step 1

Clean your Cache and Cookies in IE:
Go to Control Panel > Internet Options > General tab.
Click the "Delete Cookies" button and then the "Delete Files" button next to it.
When prompted, place a check in: "Delete all offline content",
(You will have to re-enter passwords at websites that require them.)
Click OK

Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.


Please use Internet Explorer and Run the Kaspersky On-line Scanner
http://www.kaspersky.com/service?chapter=161739400

Accept the Active X object and download the latest definitions.
When the scanner is ready, click Scan Settings.
Select the Extended anti-virus database.
Select Scan Archives & Scan Mail Bases and then ok.
Click My Computer to run a full system scan.
When complete, save the log to your desktop.


Step 2

Please Open Hijackthis
Click Open Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as Uninstall_list.txt

In your next reply please post:

1/ A new HijackThis log <---Please 'Copy & Paste' into the forum.
2/ The Uninstall_list.txt
3/ The Kaspersky scan log results

Thank you.

#11 cliver


Posted 09 May 2007 - 10:59 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:53:25 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: AVG Anti-Spyware.lnk = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 09, 2007 11:48:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/05/2007
Kaspersky Anti-Virus database records: 315822
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 61628
Number of viruses found: 1
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:45:11

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\kdhmt.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\WINDOWS\system32\kdjxu.exe.ren Infected: Packed.Win32.PolyCrypt.b skipped
C:\WINDOWS\system32\kdpjw.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




AC3Filter (remove only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Age of Empires III
AirPlus G
ANIO Service
ANIWZCS2 Service
AVG Anti-Spyware 7.5
AVG Free Edition
Azureus
Call of Duty® 2
CCleaner (remove only)
Creative EAX Console
Creative Software AutoUpdate
Creative Speaker Settings
Creative System Information
DAEMON Tools
Device Control
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EVEREST Home Edition v1.51
FEAR
Futuremark Measurement Services Client
FW LiveUpdate
Half-Life® 2
Hamachi 1.0.2.1
HijackThis 1.99.1
Home Search Assistent
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ieSpell
Intel Application Accelerator
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Logitech Desktop Messenger
Logitech Gaming Software
Logitech iTouch Software
Logitech Resource Center
MagicTune3.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
MSXML4 Parser
Nero Suite
Neverwinter Nights Gold Edition
NVIDIA Drivers
Oblivion
PowerISO
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SoulSeekkor's TQ Defiler
Sound Blaster Audigy
SP2 Connection Patcher
Steam™
System Requirements Lab
TES Construction Set
Titan Quest
Titan Quest Immortal Throne
TQVault 2.1
Trojan Remover 6.6.0
TuneXP 1.5
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6a
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver

#12 ourwilly


Posted 11 May 2007 - 09:51 AM

Hi cliver

Copy and paste this 'Fix' into either Notepad or Wordpad for future reference, as you will be required to close down your browser when following these steps.

Step 1

Please go to this Website:
http://www.uploadmalware.com/

Fill out the form and, in the "Files To Submit" section, I would like you to browse and select each of these files on your system to be scanned:

C:\WINDOWS\system32\kdhmt.exe
C:\WINDOWS\system32\kdjxu.exe.ren
C:\WINDOWS\system32\kdpjw.exe

Now Select 'Send Files'


Step 2

I would recommend removing P2P software, as these are susceptible to various forms of malware.
Please uninstall using Add/Remove Programs and then right-click on and delete the Peer to Peer folders.

Also in Add/Remove Programs please remove:

Home Search Assistent
J2SE Runtime Environment 5.0 Update 11



Step 3

Double-click on My Computer, double-click on Local Disk,
and navigate to, then right-click on and delete, the following Bold entries:

C:\WINDOWS\system32\kdhmt.exe
C:\WINDOWS\system32\kdjxu.exe.ren
C:\WINDOWS\system32\kdpjw.exe


Step 4

Download ComboFix.exe to your desktop.
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

Thank you.

#13 cliver


Posted 11 May 2007 - 10:32 AM

It wouldn't let me remove Home Search Assistent; it took me to a foreign page every time I clicked Add/Remove.







"Justin Palmer" - 2007-05-11 11:23:48 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Justin Palmer\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


2007-05-10 15:49 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-05-10 15:49 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-05-10 15:49 <DIR> d-------- C:\Program Files\Trojan Remover
2007-05-10 15:49 <DIR> d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Simply Super Software
2007-05-10 15:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-05-09 10:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-06 20:51 <DIR> d-------- C:\DOCUME~1\JUSTIN~1\Incomplete
2007-05-06 12:57 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-06 11:13 <DIR> d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\LimeWire
2007-04-25 00:17 <DIR> d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\nHancer
2007-04-24 19:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-04-24 19:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-24 19:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-24 19:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-04-24 19:11 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-24 19:11 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-24 19:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-04-23 16:10 <DIR> dr-h----- C:\DOCUME~1\JUSTIN~1\APPLIC~1\SecuROM
2007-04-20 22:19 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
2007-04-20 22:19 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
2007-04-20 22:19 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
2007-04-17 22:07 <DIR> d-------- C:\Program Files\QuickTime
2007-04-15 11:42 <DIR> d-------- C:\Program Files\Activision
2007-04-13 13:29 0 --a------ C:\WINDOWS\popcreg.dat
2007-04-13 13:29 0 --a------ C:\WINDOWS\popcinfot.dat
2007-04-13 13:10 10 --a------ C:\WINDOWS\popcinfo.dat
2007-04-13 01:54 <DIR> d-------- C:\DOCUME~1\JUSTIN~1\APPLIC~1\Registry Booster
2007-04-13 01:53 <DIR> d-------- C:\Program Files\Uniblue
2007-04-13 00:36 77,312 --a------ C:\WINDOWS\ua2.dll
2007-04-12 23:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-12 23:01 <DIR> d-------- C:\Program Files\MSBuild
2007-04-12 22:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-04-12 22:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-04-12 22:56 14,048 --------- C:\WINDOWS\system32\spmsg2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-10 19:04:56 -------- d-----w C:\Program Files\SP2 Connection Patcher
2007-05-10 17:37:28 -------- d-----w C:\DOCUME~1\JUSTIN~1\APPLIC~1\Azureus
2007-05-08 21:43:29 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-08 12:25:34 -------- d-----w C:\DOCUME~1\JUSTIN~1\APPLIC~1\Hamachi
2007-05-07 22:24:43 0 ----a-w C:\CONFIG.SYS
2007-05-06 14:58:49 1,298 ----a-w C:\WINDOWS\mozver.dat
2007-05-03 20:29:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-03 18:58:16 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-29 09:31:15 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-24 05:50:41 -------- d-----w C:\Program Files\Doom 3
2007-04-21 02:19:25 -------- d-----w C:\Program Files\Intel
2007-04-17 02:49:23 -------- d-----w C:\DOCUME~1\JUSTIN~1\APPLIC~1\Ahead
2007-04-16 02:18:20 -------- d-----w C:\Program Files\TQDefiler
2007-04-15 15:30:17 -------- d-----w C:\Program Files\Ahead
2007-04-13 21:44:38 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-13 04:13:36 -------- d-----w C:\DOCUME~1\JUSTIN~1\APPLIC~1\Uniblue
2007-04-08 17:11:12 -------- d-----w C:\DOCUME~1\JUSTIN~1\APPLIC~1\SystemRequirementsLab
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-04-04 13:05:18 -------- d-----w C:\Program Files\Hamachi
2007-04-03 15:40:11 -------- d-----w C:\Program Files\THQ
2007-04-03 02:55:16 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-01 03:13:23 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-03-31 08:38:40 -------- d-----w C:\Program Files\AC3Filter
2007-03-31 02:30:09 -------- d-----w C:\Program Files\DivX
2007-03-27 07:55:57 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-03-27 07:55:48 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-03-27 07:49:07 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-03-27 07:49:07 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-03-27 07:49:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 07:49:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 07:49:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-03-27 07:49:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-03-27 07:49:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-03-27 07:48:59 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 07:48:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 07:48:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 07:48:58 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-03-27 02:44:12 -------- d-----w C:\Program Files\Creative
2007-03-27 02:41:43 -------- d-----w C:\DOCUME~1\JUSTIN~1\APPLIC~1\Creative
2007-03-27 02:34:50 -------- d--h--w C:\Program Files\Creative Installation Information
2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-21 02:29:09 -------- d-----w C:\Program Files\VideoLAN
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 01:55:28 -------- d-----w C:\Program Files\TQVault
2007-03-09 13:28:07 249,856 ------w C:\WINDOWS\Setup1.exe
2007-03-09 13:28:05 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 23:50:56 -------- d-----w C:\Program Files\CCleaner
2007-03-05 16:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
2007-02-27 22:08:01 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-02-27 22:08:01 405,504 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Name of App"="C:\\Program Files\\SAMSUNG\\FW LiveUpdate\\Liveupdate.exe"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTXFIREG"="CTxfiReg.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SP2 Connection Patcher"="\"C:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://codesmedia.ign.com/codes/image/background.gif

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^justin palmer^start menu^programs^startup^limewire on startup.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aniwzcs2service
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d-link airplus g
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nbj
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\OblivionLauncher.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\Launch.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca649446-e0a6-11db-b839-806d6172696f}]
Shell\AutoRun\command E:\OblivionLauncher.exe

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-11 11:25:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe?D~??A~??????A~??A~ %j???????????A~????`???`??????????????????????|????]?A~`???;?E??????!<???D???J??????pD???????<?`???????A?F?`???b?@?`???]?A~????;?E???????????????????A~??G~????????????????????????????x?G

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-11 11:25:04
C:\ComboFix-quarantined-files.txt ... 2007-05-11 11:25




Logfile of HijackThis v1.99.1
Scan saved at 11:27:56 AM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: AVG Anti-Spyware.lnk = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#14 cliver


Posted 11 May 2007 - 11:04 AM

OK, I did some research on Home Search Assistant and found a program called hsremove.exe. It removed it.

#15 ourwilly


Posted 13 May 2007 - 03:35 AM

Hi cliver

I would like to recommend, if you are using the Windows Firewall, that you replace it as soon as possible. Please choose to install one of these good free firewalls below to fully protect your system. Any one of these will give you full control over everything that requests Internet access, a feature not available in the default Windows Firewall.

ZoneAlarm
Kerio Personal Firewall
OutPost Firewall Free
Sygate Personal Firewall

Once you have done this, can you please let me know how your system is running now?

Thank you.



