
Problems With Malware.... Surprise Surprise


13 replies to this topic

#1 celticnthell76

celticnthell76

  • Members
  • 9 posts

Posted 12 May 2007 - 09:03 AM

Hi all. I have recently had major problems with my PC running XP Home SP2: it is running mega slow and locking my drive out of chkdsk, and also, more worrying, out of Safe Mode :thumbsup: ... AVG is reporting lop.bn and adware generic2.alc but can't delete or heal these files. I have been at this for a couple of days now to no avail, so any help would be great....


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 May 2007 - 10:04 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum celticnthell76 :thumbsup:

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following [if still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {04F0B796-6E22-4624-A974-18F54AE51452} - (no file)
O2 - BHO: (no name) - {1D359D18-94C9-45ff-9954-D648249D5108} - (no file)
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...IJDIFHBJDCGCFJI (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashb...IJDIFHBJDCGCFJI (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


Still in Safe Mode, launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

*****************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.


Restart your PC.
Post the contents of the BitDefender Online Scanner log, the AVG Anti-Spyware report, and a new HijackThis log into your next reply.
Let me know how your PC is running now please.

#3 celticnthell76

celticnthell76
  • Topic Starter

  • Members
  • 9 posts

Posted 13 May 2007 - 07:40 AM

Hi RichieUK.

Thanks for all your help so far, mate. I have done the above as requested, mate.
BitDefender Online Scanner

Scan report generated at: Sun, May 13, 2007 - 13:27:32
Scan path: C:\;D:\;E:\;

Statistics
Time: 00:27:34
Files: 147886
Folders: 3278
Boot Sectors: 4
Archives: 954
Packed Files: 14394

Results
Identified Viruses: 4
Infected Files: 4
Suspect Files: 12
Warnings: 0
Disinfected: 0
Deleted Files: 17

Engines Info
Virus Definitions: 505979
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File | Status
C:\Program Files\a-squared Free\Quarantine\35cff8bc3a206e62f4f79ed060fe2ed1.a2q=>WINDOWS/system32/jvyntpof.dll.ren=>(Quarantine-PE) | Infected with: Trojan.Vundo.DLP
C:\Program Files\a-squared Free\Quarantine\35cff8bc3a206e62f4f79ed060fe2ed1.a2q=>WINDOWS/system32/jvyntpof.dll.ren=>(Quarantine-PE) | Disinfection failed
C:\Program Files\a-squared Free\Quarantine\35cff8bc3a206e62f4f79ed060fe2ed1.a2q=>WINDOWS/system32/jvyntpof.dll.ren=>(Quarantine-PE) | Deleted
C:\Program Files\a-squared Free\Quarantine\35cff8bc3a206e62f4f79ed060fe2ed1.a2q | Updated
C:\WINDOWS\system32\bpd457.exe | Infected with: Generic.Malware.Sdld!.7B94E11A
C:\WINDOWS\system32\bpd457.exe | Disinfection failed
C:\WINDOWS\system32\bpd457.exe | Deleted
C:\WINDOWS\system32\dxdllreg.exe~ | Infected with: Generic.Malware.FBdld.7E4DC7DF
C:\WINDOWS\system32\dxdllreg.exe~ | Disinfection failed
C:\WINDOWS\system32\dxdllreg.exe~ | Deleted
C:\WINDOWS\system32\hzt682.dll | Infected with: Generic.Malware.Sdld!!.FAA32918
C:\WINDOWS\system32\hzt682.dll | Disinfection failed
C:\WINDOWS\system32\hzt682.dll | Deleted
C:\WINDOWS\system32\poi520.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi520.exe | Disinfection failed
C:\WINDOWS\system32\poi520.exe | Deleted
C:\WINDOWS\system32\poi529.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi529.exe | Disinfection failed
C:\WINDOWS\system32\poi529.exe | Deleted
C:\WINDOWS\system32\poi610.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi610.exe | Disinfection failed
C:\WINDOWS\system32\poi610.exe | Deleted
C:\WINDOWS\system32\poi690.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi690.exe | Disinfection failed
C:\WINDOWS\system32\poi690.exe | Deleted
C:\WINDOWS\system32\poi766.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi766.exe | Disinfection failed
C:\WINDOWS\system32\poi766.exe | Deleted
C:\WINDOWS\system32\poi773.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi773.exe | Disinfection failed
C:\WINDOWS\system32\poi773.exe | Deleted
C:\WINDOWS\system32\poi783.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi783.exe | Disinfection failed
C:\WINDOWS\system32\poi783.exe | Deleted
C:\WINDOWS\system32\poi814.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi814.exe | Disinfection failed
C:\WINDOWS\system32\poi814.exe | Deleted
C:\WINDOWS\system32\poi88.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi88.exe | Disinfection failed
C:\WINDOWS\system32\poi88.exe | Deleted
C:\WINDOWS\system32\poi977.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi977.exe | Disinfection failed
C:\WINDOWS\system32\poi977.exe | Deleted
C:\WINDOWS\system32\poi996.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\poi996.exe | Disinfection failed
C:\WINDOWS\system32\poi996.exe | Deleted
C:\WINDOWS\system32\zsh.dll | Suspected of: BehavesLike:Trojan.Downloader
C:\WINDOWS\system32\zsh.dll | Disinfection failed
C:\WINDOWS\system32\zsh.dll | Deleted


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 May 2007 - 07:53 AM

Please download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new HijackThis log.
Let me know how your PC is running now.

Please post your replies directly into this topic, not as attachments, thanks.


#5 celticnthell76

celticnthell76
  • Topic Starter

  • Members
  • 9 posts

Posted 13 May 2007 - 08:10 AM

C:\ComboFix results, mate...


"Owner" - 2007-05-13 14:03:31 Service Pack 2
ComboFix 07-05.12V - Running from: "C:\Documents and Settings\Owner\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))


2007-05-13 13:30 <DIR> d-------- C:\Program Files\Google
2007-05-13 12:59 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-12 17:26 <DIR> d-------- C:\4c5850b8ec723e9052fdaef2db
2007-05-12 17:10 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-12 16:28 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-12 15:42 318 --a------ C:\delete.bat
2007-05-12 02:22 <DIR> d-------- C:\Program Files\ParadisePoker
2007-05-11 23:06 <DIR> d-------- C:\Program Files\a-squared Free
2007-05-10 00:14 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-09 22:17 <DIR> d-------- C:\VundoFix Backups
2007-05-09 00:13 1,463,124 --a------ C:\WINDOWS\system32\fedafrob.ini.ren
2007-05-09 00:09 876,654 --ahs---- C:\WINDOWS\system32\ijkmp.ini.ren
2007-05-09 00:09 875,995 --a------ C:\WINDOWS\system32\ijkmp.bak1.ren
2007-05-08 23:59 <DIR> d-------- C:\WINDOWS\Web Download
2007-05-08 23:59 <DIR> d-------- C:\WINDOWS\olgs
2007-05-08 23:59 <DIR> d-------- C:\WINDOWS\logs
2007-05-06 12:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoEgg
2007-04-25 17:53 1,244 --a------ C:\WINDOWS\system32\ktrrjtme.ini.ren
2007-04-25 17:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Simply Super Software
2007-04-25 17:14 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-24 22:54 758,708 --a------ C:\WINDOWS\system32\wybeg.ini.ren
2007-04-23 16:04 755,043 --a------ C:\WINDOWS\system32\wybeg.bak1.ren


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-12 01:03:25 -------- d-----w C:\Program Files\XoftSpy
2007-05-10 17:41:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-10 17:39:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InstallShield Installation Information
2007-05-10 17:38:04 -------- d-----w C:\Program Files\DivX
2007-04-19 15:59:26 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll
2007-04-16 18:09:59 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PC Suite
2007-04-16 18:04:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Nokia Multimedia Player
2007-03-31 12:32:55 -------- d-----w C:\Program Files\ACD Systems
2007-03-29 16:10:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\GTek
2007-03-27 15:37:08 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-03-24 18:25:46 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-24 18:25:21 2,301 ----a-w C:\WINDOWS\mozver.dat
2007-03-24 17:48:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Datalayer
2007-03-23 21:15:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PPMate
2007-03-23 21:15:19 -------- d-----w C:\Program Files\Common Files\Synacast
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BtcMaestro"="C:\\Program Files\\KMaestro\\KMaestro.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-19 16:59]
"BtcMaestro"="C:\Program Files\KMaestro\KMaestro.exe" [2003-01-08 19:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-02 22:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-13 13:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BtcMaestro]
"ModelName"="8190URF"
"Version"="2.0.P-79AU MUL"
"Language"=dword:00000000
"KeyboardID"=dword:00000000
"MouseID"=dword:00000000
"KeyboardSID"=dword:00000000
"MouseSID"=dword:00000000
"RMenuSel"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\BtcMaestro\Config]
"DisplayLabel"=dword:00000001
"TaskbarIcon"=dword:00000001
"Autoplay"=dword:00000001
"L067"="Paint"
"L066"="Mouse Middle Button"
"L065"=""
"L064"=""
"L063"="Eject/Close 2"
"L062"=""
"L061"=""
"L060"=""
"L059"=""
"L058"=""
"L057"=""
"L056"=""
"L055"=""
"L054"=""
"L053"=""
"L052"=""
"L051"=""
"L050"=""
"L049"=""
"L048"=""
"L047"=""
"L046"=""
"L045"=""
"L044"="Calendar"
"L043"="Power Point"
"L042"="Excel"
"L041"="Word"
"L040"="Scroll Down"
"L039"="Scroll Up"
"L038"="Configure"
"L037"="Keyboard and Mouse Battery Low"
"L036"="Mouse Battery Low"
"L035"="Keyboard Battery Low"
"L034"=""
"L033"="Wake Up"
"L032"="Sleep"
"L031"="Power Off"
"L030"=""
"L029"=""
"L028"=""
"L027"=""
"L026"=""
"L025"="www Refresh"
"L024"=""
"L023"="Notepad"
"L022"="Explorer"
"L021"="Mediaplayer"
"L020"="My Documents"
"L019"="Calculator"
"L018"="KeyMaestro Help"
"L017"="OS Help"
"L016"="www Favorite"
"L015"="www Search"
"L014"="www Forward"
"L013"="www Back"
"L012"="www Stop"
"L011"="www"
"L010"="Email"
"L009"="Eject/Close"
"L008"="Previous Track"
"L007"="Next Track"
"L006"="Stop"
"L005"="Play/Pause"
"L004"="Volume Down"
"L003"="Volume Up"
"L002"="Mute"
"L001"="None"
"F067"="0C:paint"
"F066"="0B;mouse middle button"
"F065"="0A;europe dollar(OF)"
"F064"="0-;reply all(OF)"
"F063"="09;eject 2"
"F062"="08:help(OF)"
"F061"="07;redo(OF)"
"F060"="06;undo(OF)"
"F059"="05;task pane(OF)"
"F058"="04;send(OF)"
"F057"="03;f'ward(OF)"
"F056"="02;reply(OF)"
"F055"="01;bullets(OF)"
"F054"="00;spell(OF)"
"F053"="z;bold(OF)"
"F052"="y;replace(OF)"
"F051"="x;save(OF)"
"F050"="w;open(OF)"
"F049"="v;new(OF)"
"F048"="u;copy(OF)"
"F047"="t;cut(OF)"
"F046"="s;mark(OF)"
"F045"="r;paste(OF)"
"F044"="q;calendar(OF)"
"F043"="p;power point(OF)"
"F042"="o;excel(OF)"
"F041"="n;word(OF)"
"F040"="m;scroll down"
"F039"="l;scroll up"
"F038"="k;Configure"
"F037"="j;keyboard and mouse battery low"
"F036"="i;mouse battery low"
"F035"="h;keyboard battery low"
"F034"="g;keyboard and mouse battery OK"
"F033"="f:wake up"
"F032"="e:sleep"
"F031"="d;power off"
"F030"="c;mf"
"F029"="b;app. close"
"F028"="a;app. switch"
"F027"="Z;log off"
"F026"="Y;my computer"
"F025"="X;refresh(AC)"
"F024"="W;print(OF)"
"F023"="V;notepad"
"F022"="U;explorer"
"F021"="T;mediaplayer"
"F020"="S;my documents"
"F019"="R;calculator"
"F018"="Q;help(manual)"
"F017"="P;help(OS)"
"F016"="O;favorite(AC)"
"F015"="N;search(AC)"
"F014"="M;forward(AC)"
"F013"="L;back(AC)"
"F012"="K;stop(AC)"
"F011"="J;www(AC)"
"F010"="I;email(AL)"
"F009"="H;eject"
"F008"="G;previous track"
"F007"="F;next track"
"F006"="E;stop"
"F005"="D;play"
"F004"="C;volume down"
"F003"="B;volume up"
"F002"="A;mute"
"F001"="-;none"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 15:13]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader synchronizer.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^netgear wg311t smart wizard.lnk
C:\PROGRA~1\NETGEAR\WG311T\wlancfg5.exe /HIDE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^netgear wg311t wireless assistant.lnk
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe /HIDE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^owner^start menu^programs^startup^limewire on startup.lnk
C:\PROGRA~1\LimeWire\LimeWire.exe -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck
%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\license manager
"C:\Program Files\License_Manager\license_manager.exe " /silent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsuitetrayapplication
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsync
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sony ericsson pc suite
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trojanscanner
C:\Program Files\Trojan Remover\Trjscan.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmc_autoupdate


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yahoo! pager
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\setupSNK.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 14:04:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-13 14:04:51
C:\ComboFix-quarantined-files.txt ... 2007-05-13 14:04
C:\ComboFix2.txt ... 2007-05-12 16:40
C:\ComboFix3.txt ... 2007-05-12 16:28
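The OP's later complaint (post #9) that the 'Turn Off Computer' entry has disappeared from the Start menu lines up with one line in the ComboFix log above: `"NoClose"=dword:00000001` under HKEY_CURRENT_USER\...\policies\explorer, which is the Explorer policy that removes the Shut Down command; the `MountPoints2\F` AutoRun handler is the other entry in that section worth a second look. The Python script below is an added example, not part of this thread or of ComboFix: it parses the 'Reg Loading Points' layout shown above (sample excerpt constructed from the log) and flags active Explorer policy restrictions and drive AutoRun handlers. The policy names beyond NoClose are documented Windows Explorer policies, not values from this log.

```python
"""Flag suspicious 'Reg Loading Points' entries in a ComboFix log.

Added example (not part of the thread or of ComboFix): parses the
[KEY] / "name"=value layout ComboFix prints and reports Explorer policy
restrictions that are switched on, plus MountPoints2 AutoRun handlers.
"""
import re
from dataclasses import dataclass

# Constructed sample: the policy and MountPoints2 blocks from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\setupSNK.exe
"""

# Explorer policy values (under ...\Policies\Explorer) that hide or disable
# parts of the shell. Each is a documented Windows policy; on a home PC that
# nobody deliberately locked down, a non-zero value is a common malware footprint.
EXPLORER_POLICIES = {
    "NoClose": "Shut Down / Turn Off Computer removed from the Start menu",
    "NoRun": "Run command removed from the Start menu",
    "NoFind": "Search removed from the Start menu",
    "NoControlPanel": "Control Panel disabled",
    "NoFolderOptions": "Folder Options disabled (hidden files cannot be shown)",
    "NoDesktop": "desktop icons hidden",
    "NoLogOff": "Log Off removed from the Start menu",
}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# ComboFix prints MountPoints2 handlers without quotes or '=':
#   Shell\AutoRun\command F:\setupSNK.exe
AUTORUN_RE = re.compile(r"^(?P<name>Shell\\AutoRun\\command)\s+(?P<cmd>.+)$", re.I)


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str


def parse_reg_points(text):
    """Yield (key, name, value) for every value line under a [KEY] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue  # text before the first header (section banner etc.)
        m = VALUE_RE.match(line) or AUTORUN_RE.match(line)
        if m:
            value = m.group("value") if "value" in m.groupdict() else m.group("cmd")
            yield key, m.group("name"), value


def dword(value):
    """Return the integer behind a 'dword:XXXXXXXX' value, or None if not a dword."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", value)
    return int(m.group(1), 16) if m else None


def flag_loading_points(text):
    """Return Findings for active Explorer restrictions and drive AutoRun handlers."""
    findings = []
    for key, name, value in parse_reg_points(text):
        lowered = key.lower()
        if lowered.endswith(r"\policies\explorer") and name in EXPLORER_POLICIES:
            if dword(value):  # a dword of 0 means the restriction is off
                findings.append(Finding(key, name, value, EXPLORER_POLICIES[name]))
        elif "\\mountpoints2\\" in lowered and name.lower() == r"shell\autorun\command":
            drive = key.rsplit("\\", 1)[-1]
            findings.append(Finding(key, name, value,
                                    f"AutoRun handler for drive {drive}: runs when the drive is opened"))
    return findings


if __name__ == "__main__":
    for f in flag_loading_points(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} = {f.value}\n  -> {f.reason}")
```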

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 May 2007 - 08:21 AM

Could you post the new Hijackthis log please.

#7 celticnthell76

celticnthell76
  • Topic Starter

  • Members
  • 9 posts

Posted 13 May 2007 - 08:23 AM

Sorry mate, here it is..

Thanks, Chris

Logfile of HijackThis v1.99.1
Scan saved at 14:18:57, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145473798195
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145473869489
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = desktop
O17 - HKLM\Software\..\Telephony: DomainName = desktop
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = desktop
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 May 2007 - 08:50 AM

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.zip
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\fedafrob.ini.ren
C:\WINDOWS\system32\ijkmp.ini.ren
C:\WINDOWS\system32\ijkmp.bak1.ren
C:\WINDOWS\system32\ktrrjtme.ini.ren
C:\WINDOWS\system32\wybeg.ini.ren
C:\WINDOWS\system32\wybeg.bak1.ren


Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.

*******************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#9 celticnthell76

celticnthell76
  • Topic Starter

  • Members
  • 9 posts

Posted 13 May 2007 - 09:03 AM

Hi again Richie.. the only problem I can see is left, mate, is that the 'turn off computer' menu is not there as it was before in the Start menu. This is one of the first things that I did notice before everything went pear shaped. Is there anything I can do to resolve this, mate? I will send you another HijackThis log just in case there is something still hiding in there... Can I also say thank you very much, mate. I will donate to the site for your kind work and the time you have given me..




Logfile of HijackThis v1.99.1
Scan saved at 14:59:06, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145473798195
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145473869489
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = desktop
O17 - HKLM\Software\..\Telephony: DomainName = desktop
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = desktop
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
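As an added example (not a tool from this thread, from BleepingComputer or from HijackThis itself), here is a small Python triage helper for HijackThis v1.99.1 logs like the one above. It parses the numbered entry lines (O4, O9, O10, O23 and the rest) into structures you can query instead of scanning the raw log by eye: which services are registered and which short name `sc` would need for them, which entries point at files that no longer exist, and how often the same Winsock LSP DLL is listed. The embedded log is a constructed excerpt in the format of the posted log, not the full log, and the regular expressions encode my reading of HijackThis' line layout.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not a HijackThis tool)."""
import re
from collections import Counter, defaultdict

# Constructed excerpt in HijackThis log format; not the complete log from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:59:06, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
"""

# Every numbered entry: section code (R0, O4, O23, ...), " - ", payload.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O23 payload: "Display Name (short_name) - Company - path". HijackThis prints the
# parenthesised short name only when it differs from the display name.
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.*?)(?: \((?P<short>[^()]+)\))? - (?P<company>.*?) - (?P<path>.*)$"
)
# O4 payload: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_entries(log_text):
    """Return {section_code: [payload, ...]} for every numbered entry line."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries


def services(log_text):
    """O23 entries as dicts with display name, short name (or None), company and path."""
    out = []
    for payload in parse_entries(log_text).get("O23", []):
        m = SERVICE_RE.match(payload)
        if m:
            out.append(m.groupdict())
    return out


def sc_name(log_text, display_fragment):
    """Name to hand to sc.exe for the service whose display name contains the fragment.

    Falls back to the display name when HijackThis printed no short name, since the
    two are then identical. Returns None when no O23 line matches.
    """
    for svc in services(log_text):
        if display_fragment.lower() in svc["display"].lower():
            return svc["short"] or svc["display"]
    return None


def missing_files(log_text):
    """Entries HijackThis flagged '(file missing)': orphaned references left behind."""
    return [(sec, p) for sec, payloads in parse_entries(log_text).items()
            for p in payloads if "(file missing)" in p]


def lsp_counts(log_text):
    """How often each DLL appears in O10 Winsock LSP entries (lower-cased path).

    A layered service provider is registered once per protocol chain, so a single
    legitimate DLL showing up several times is normal and not by itself suspicious.
    """
    counts = Counter()
    for payload in parse_entries(log_text).get("O10", []):
        counts[payload.rsplit(": ", 1)[-1].lower()] += 1
    return dict(counts)


def run_keys(log_text):
    """O4 autostart entries as (hive, value_name, command_line) tuples."""
    out = []
    for payload in parse_entries(log_text).get("O4", []):
        m = RUN_RE.match(payload)
        if m:
            out.append(m.groups())
    return out


if __name__ == "__main__":
    for svc in services(SAMPLE_LOG):
        print(f"service {svc['short'] or svc['display']!r} -> {svc['path']}")
    print("missing:", missing_files(SAMPLE_LOG))
    print("lsp:", lsp_counts(SAMPLE_LOG))
    print("run:", run_keys(SAMPLE_LOG))
```

The `sc_name` lookup is what turns the O23 line for a-squared into the `a2free` argument that `sc stop` / `sc delete` expect; the `(file missing)` and LSP counts are the two things most worth a second look when reading a log of this vintage.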

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 13 May 2007 - 09:17 AM

See if the following registry fix helps:
Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as..Save as Type: 'All Files' File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then restart your pc.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLogOff"=dword:00000000


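As an added example (not part of RichieUK's instructions or any BleepingComputer tool), here is a Python check one can run on a pasted .reg fix before merging it. It verifies the REGEDIT4 header, that every value sits under a bracketed key, that each dword carries exactly 8 hex digits (a 7-digit `dword:0000000` is a common slip when typing these by hand), and that the file touches only the Explorer policy key the fix is meant for. The embedded text is the NoClose/NoLogOff fix from the post written with 8-digit dwords; `EXPECTED_KEY` is the Explorer policy key named in it, and the parser handles named values only (no `@=` default values, no `-` key deletions).

```python
"""Sanity-check a small REGEDIT4 .reg fix before merging it (added example)."""
import re

# The Explorer policy fix from the thread, dwords written in the 8-digit form.
FIX_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLogOff"=dword:00000000
"""

# Key the fix is supposed to touch, and nothing else.
EXPECTED_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"=(.*)$')   # "Name"=data (named values only)
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")      # exactly 8 hex digits


class RegFormatError(ValueError):
    """Raised for a malformed .reg file."""


def parse_reg(text):
    """Return {key_path: {value_name: value}}; dwords become ints, strings lose quotes.

    Raises RegFormatError on a missing header, a value outside any [key], an
    unrecognised line, or a dword that is not exactly 8 hex digits.
    """
    lines = [line.strip() for line in text.splitlines()]
    if not lines or lines[0] not in HEADERS:
        raise RegFormatError("missing .reg header (REGEDIT4 or Version 5.00)")
    result = {}
    current = None
    for lineno, line in enumerate(lines[1:], start=2):
        if not line or line.startswith(";"):       # blank lines and comments
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            result.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            raise RegFormatError(f"line {lineno}: unrecognised line {line!r}")
        if current is None:
            raise RegFormatError(f"line {lineno}: value before any [key] line")
        name, raw = vm.groups()
        if raw.startswith("dword:"):
            dm = DWORD_RE.match(raw)
            if not dm:
                raise RegFormatError(
                    f"line {lineno}: dword must be exactly 8 hex digits, got {raw!r}")
            result[current][name] = int(dm.group(1), 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            result[current][name] = raw[1:-1]
        else:
            result[current][name] = raw            # hex:, expand strings etc. kept raw
    return result


def validate(text):
    """None when the file parses cleanly, otherwise the error message."""
    try:
        parse_reg(text)
    except RegFormatError as exc:
        return str(exc)
    return None


def check_explorer_policy_fix(text):
    """True only if the file touches just the Explorer policy key and zeroes
    NoClose and NoLogOff, which restores 'Turn Off Computer' and 'Log Off'."""
    parsed = parse_reg(text)
    return set(parsed) == {EXPECTED_KEY} and parsed[EXPECTED_KEY] == {"NoClose": 0, "NoLogOff": 0}


if __name__ == "__main__":
    print(parse_reg(FIX_REG))
    print("ok to merge:", check_explorer_policy_fix(FIX_REG))
    print("7-digit dword:", validate(FIX_REG.replace("dword:00000000", "dword:0000000")))
```

Running the check on a file that also carries an unexpected extra key makes `check_explorer_policy_fix` return False, which is the point: a fix pasted from a forum should do exactly what the post says and nothing more.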

#11 celticnthell76

celticnthell76
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 13 May 2007 - 09:57 AM

Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then restart your pc.
How can I merge this into the reg, mate?????


I have also noticed that start-up items are not starting, such as the Key Maestro wireless keyboard.. I manually turn this on and it still will not go on, mate...

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 13 May 2007 - 10:50 AM

How can I merge this into the reg, mate?????

After double clicking on the fix.reg file on your desktop, a box should pop up asking you if you want to merge the information into the registry, click on 'Yes'.
Then restart your pc.

#13 celticnthell76

celticnthell76
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 13 May 2007 - 10:59 AM

Done that mate, tx a million again. I have now backed up all my info onto an external drive and also set a restore point on the pc.. the only thing I find weird is that a1 services is still in HijackThis as an O23 service and it will not let me delete this service or remove it from the program files in My Computer, it is just leaving the icon in the folder and reporting file in use.... also safe mode is giving me two users, administrator and owner (me)... should I delete this admin account or is this a Dell partition thing?

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 13 May 2007 - 11:08 AM

a1 services is still in HijackThis as an O23 service and it will not let me delete this service or remove it from the program files in My Computer, it is just leaving the icon in the folder and reporting file in use

Are you referring to this entry:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

If you are, do the following:

Click on Start/Run, type CMD then press Ok.
At the Command Prompt copy and paste the following commands, pressing Enter after each one.

SC STOP a2free
SC DELETE a2free


Then type EXIT, then press Enter.
Restart your pc.

also safe mode is giving me two users, administrator and owner (me)... should I delete this admin account or is this a Dell partition thing?

Not 100% sure, you'd better not touch that, leave it alone.