Solved Loaded down with viruses and etc.

Discussion in 'Malware and Virus Removal Archive' started by drakonic, 2007/10/13.

  1. 2007/10/13
    drakonic (Inactive, Thread Starter) - Joined: 2007/03/14, Messages: 99, Likes Received: 0
    [Resolved] Loaded down with viruses and etc.

    Hi, after I uninstalled ZoneAlarm it seemed to delete all my uninstall programs, and after that I reinstalled my operating system and problems just keep coming. I've reinstalled my op system 6 times; my browser sometimes gets redirected to other sites and pop-ups.
    I seem to get alerts from AVG hourly and I heal or quarantine them but to no avail. There are so many I don't pay much attention if they are the same ones that come back or not.

    I did a Kaspersky online scan, but in the middle I got a bunch of alerts of viruses and trojans in my System Volume Information, which I healed what I could and quarantined the rest. It might have made the Kaspersky scan not as valid but I don't know, and I also have an HJT log.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, October 13, 2007 6:53:15 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/10/2007
    Kaspersky Anti-Virus database records: 435668
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 38569
    Number of viruses found: 6
    Number of infected objects: 34
    Number of suspicious objects: 0
    Duration of the scan process: 00:36:41

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\dfsr.db Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\fsr.log Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\tmp.edb Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows Live Contacts\kogawa_shizuki@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows Live Contacts\kogawa_shizuki@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\snapsnet.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\veoh_data_store.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF3EAD.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF3EB8.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF450A.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF4515.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF7BD.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~ROMFN_00000F80 Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~uga6psetup.exe/file15 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~uga6psetup.exe/file21 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~uga6psetup.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~uga6psetup.exe Inno: infected - 4 skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temporary Internet Files\Content.IE5\Q538X8V6\CAAVSXYF Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temporary Internet Files\Content.IE5\SXENSPQR\valera[1] Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Kisuay\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Kisuay\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-10-13.11-02-30.log Object is locked skipped
    C:\Program Files\MSN\honepaqe4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Program Files\MSN\honepaqe83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
    C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000187.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000209.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000209.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000215.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000219.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000221.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000223.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000310.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000310.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000312.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000312.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP13\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP14\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP15\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP16\A0000365.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP16\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP23\A0001216.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP24\A0002216.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0004235.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005232.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005233.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005235.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005239.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005245.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005246.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005247.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005248.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005249.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005250.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005252.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005253.exe Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP34\A0007566.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP34\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\axtkligh.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd0525.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\tyqpoqsu.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\WINDOWS\system32\vz3\gcbb83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\WINDOWS\system32\vz3\gcbb83122.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    HJT log
    Logfile of HijackThis v1.99.1
    Scan saved at 6:50:12 PM, on 10/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz\command.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Kisuay\LOCALS~1\Temp\Rar$EX01.921\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animethat.com/
    O2 - BHO: (no name) - {3688BAA2-32D5-4A3C-8726-7464B1AC7375} - C:\Program Files\MSN\honepaqe83122.dll
    O2 - BHO: (no name) - {607EB4BB-EE5F-41F8-A7E0-C27B916B1BD8} - C:\Program Files\MSN\honepaqe4444.dll
    O2 - BHO: (no name) - {66ABDFCA-86AC-44C6-B14B-CCA51336B523} - C:\WINDOWS\system32\vtsts.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\sdmjhdcn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {CC6BFA9E-756D-4ECD-A411-6AD953C02216} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: 0 - {D5012C5A-870B-4910-40BF-BF5726860941} - C:\Program Files\Common Files\lazu440.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\AVSystemCare\rtasks.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\huchtnhe.dll ",sitypnow
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Kisuay\Application Data\Microsoft\Windows\ojpihtmw.exe
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: yayyxwu - yayyxwu.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz\command.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lahpunxx.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    If what you can help me with makes a program not usable, please tell me so we can sort it out ^_^
    Please and thank you.
     
  2. 2007/10/13
    noahdfear (Inactive) - Joined: 2003/04/06, Messages: 12,178, Likes Received: 15
    Hi drakonic :)

    Please do everything in the order given.

    You do not have HijackThis properly installed. Please download the HijackThis Installer from here and install it.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    Download ComboFix by sUBs from here, saving the file to your Desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     

  4. 2007/10/14
    drakonic (Inactive, Thread Starter) - Joined: 2007/03/14, Messages: 99, Likes Received: 0
    Everything seemed to go fine; here are the logs

    HJT
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:14:44 PM, on 10/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animethat.com/
    O2 - BHO: (no name) - {66ABDFCA-86AC-44C6-B14B-CCA51336B523} - C:\WINDOWS\system32\vtsts.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {CC6BFA9E-756D-4ECD-A411-6AD953C02216} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: 0 - {D5012C5A-870B-4910-40BF-BF5726860941} - C:\Program Files\Common Files\lazu440.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O20 - Winlogon Notify: yayyxwu - yayyxwu.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 5522 bytes


    ComboFix 07-10-14.1 - Kisuay 2007-10-13 23:10:15.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1556 [GMT -7:00]
    Running from: C:\Documents and Settings\Kisuay\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\Documents and Settings\Kisuay\Application Data\WinTouch
    C:\Documents and Settings\Kisuay\Application Data\WinTouch\config.cfg.c3d8d9a8e54600782eb6b29b5810715f
    C:\Documents and Settings\Kisuay\Application Data\WinTouch\wintouch.cfg
    C:\Program Files\Common Files\projy.html
    C:\Program Files\inetget2
    C:\Program Files\Insider
    C:\Program Files\MSN\honepaqe4444.dll
    C:\Program Files\MSN\honepaqe83122.dll
    C:\Program Files\WinAble
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz\command.exe
    C:\WINDOWS\system32\atmtd.dll.tmp
    C:\WINDOWS\system32\axtkligh.exe
    C:\WINDOWS\system32\sdmjhdcn.dll
    C:\WINDOWS\system32\sstwa.bak1
    C:\WINDOWS\system32\sstwa.bak2
    C:\WINDOWS\system32\sstwa.ini
    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak2
    C:\WINDOWS\system32\ststv.ini
    C:\WINDOWS\system32\tyqpoqsu.exe
    C:\WINDOWS\TTC-4444.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\cmdService
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
    .

    2007-10-13 23:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-13 23:04 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-13 18:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-13 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-13 00:16 <DIR> d-------- C:\Program Files\Oblivion
    2007-10-12 16:41 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-10-12 08:51 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-10-12 08:51 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
    2007-10-12 08:11 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-12 08:11 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0525.sys
    2007-10-12 08:06 <DIR> d-------- C:\Program Files\Codemasters
    2007-10-11 20:16 <DIR> d-------- C:\Program Files\NCSoft
    2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\GetRightToGo
    2007-10-11 17:26 <DIR> d-------- C:\Program Files\Trymedia
    2007-10-11 17:26 <DIR> d-------- C:\Program Files\Hexacto Games
    2007-10-11 16:20 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-11 16:18 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\Grisoft
    2007-10-11 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-11 16:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-11 15:30 <DIR> d-------- C:\Program Files\Undisker
    2007-10-10 21:55 <DIR> d-------- C:\Program Files\Azureus
    2007-10-10 21:55 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\Azureus
    2007-10-10 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-10-10 21:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\DivX
    2007-10-09 17:45 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2007-10-09 17:44 <DIR> d-------- C:\WINDOWS\Sun
    2007-10-09 03:28 <DIR> d-------- C:\Program Files\Google
    2007-10-08 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-08 18:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-10-08 18:55 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-08 17:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Shared
    2007-10-08 17:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Incomplete
    2007-10-08 17:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\LimeWire
    2007-10-08 17:18 <DIR> d-------- C:\Program Files\Java
    2007-10-08 17:17 <DIR> d-------- C:\Program Files\Winamp
    2007-10-08 17:17 <DIR> d-------- C:\Program Files\LimeWire
    2007-10-08 17:17 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-08 03:42 <DIR> d-------- C:\WINDOWS\system32\Lang
    2007-10-08 00:39 <DIR> d-------- C:\Program Files\Veoh Networks
    2007-10-08 00:33 <DIR> d-------- C:\Program Files\DivX
    2007-10-08 00:33 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\Talkback
    2007-10-08 00:32 <DIR> d---s---- C:\Documents and Settings\Kisuay\UserData
    2007-10-08 00:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-10-07 22:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-10-07 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-10-07 22:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-10-07 22:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-10-07 22:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-10-07 22:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-10-07 22:39 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-10-07 22:36 <DIR> d-------- C:\Program Files\Temporary
    2007-10-07 22:33 <DIR> d-------- C:\WINDOWS\system32\vz3
    2007-10-07 22:33 <DIR> d-------- C:\WINDOWS\system32\vMW02a
    2007-10-07 22:33 <DIR> d-------- C:\WINDOWS\system32\cz1
    2007-10-07 22:33 <DIR> d-------- C:\WINDOWS\system32\ab2
    2007-10-07 22:33 <DIR> d--hs---- C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz
    2007-10-07 22:33 <DIR> d-------- C:\Temp\xOe
    2007-10-07 22:33 <DIR> d-------- C:\Temp
    2007-10-07 22:26 <DIR> d-------- C:\Program Files\Bethesda Softworks
    2007-10-07 22:24 <DIR> d-------- C:\Documents and Settings\Kisuay\Contacts
    2007-10-07 22:23 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-10-07 22:18 <DIR> d-------- C:\Program Files\Gigabyte
    2007-10-07 22:18 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
    2007-10-07 22:18 81,920 --a------ C:\WINDOWS\system32\Install6x.dll
    2007-10-07 22:18 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-07 22:18 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
    2007-10-07 22:18 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
    2007-10-07 22:18 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
    2007-10-07 22:11 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
    2007-10-07 22:04 <DIR> d-------- C:\WINDOWS\nview
    2007-10-07 22:04 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-10-07 22:02 <DIR> d-------- C:\Program Files\Realtek
    2007-10-07 22:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-07 22:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2007-10-07 22:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-07 22:01 <DIR> d-------- C:\Program Files\DIFX
    2007-10-07 22:01 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\InstallShield
    2007-10-07 22:01 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
    2007-10-07 22:01 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-10-07 22:01 356,352 --a------ C:\WINDOWS\system32\nvuide.exe
    2007-10-07 22:01 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2007-10-07 22:01 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
    2007-10-07 22:00 14,656 --a------ C:\WINDOWS\gdrv.sys
    2007-10-07 22:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-09-28 09:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 09:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 09:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-09-28 09:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 09:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 23:04 246 ----a-w C:\Program Files\Common Files\lazu440
    2007-10-11 09:19 10 ----a-w C:\Program Files\.autoreg
    2007-10-08 05:02 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-10-08 04:55 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-28 16:07 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-09-28 16:07 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-09-28 16:07 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66ABDFCA-86AC-44C6-B14B-CCA51336B523}]
    C:\WINDOWS\system32\vtsts.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC6BFA9E-756D-4ECD-A411-6AD953C02216}]
    C:\WINDOWS\system32\awtss.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5012C5A-870B-4910-40BF-BF5726860941}]
    C:\Program Files\Common Files\lazu440.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
    "nwiz "= "nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-01-30 03:54 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 16:19]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
    "PlayNC Launcher "= "C:\program files\ncsoft\launcher\NCLauncher.exe" [2007-08-21 07:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    GN-WP01GS Utility.lnk - C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe [2007-10-07 22:18:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxwu]
    yayyxwu.dll

    S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-13 23:12:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-13 23:13:59 - machine was rebooted
    .
    --- E O F ---
     
  5. 2007/10/14
    noahdfear

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Program Files\Common Files\lazu440
    Folder::
    C:\WINDOWS\system32\vz3
    C:\WINDOWS\system32\vMW02a
    C:\WINDOWS\system32\cz1
    C:\WINDOWS\system32\ab2
    C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz
    C:\Temp\xOe
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66ABDFCA-86AC-44C6-B14B-CCA51336B523}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC6BFA9E-756D-4ECD-A411-6AD953C02216}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5012C5A-870B-4910-40BF-BF5726860941}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxwu] 
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Did you add these to your IE Trusted Zone? I'm assuming you didn't, and therefore recommend you scan again with HijackThis and fix those entries.

    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

    Post a fresh HijackThis log along with the ComboFix log.

    I see you also went through the trouble of re-installing LimeWire ...... now there's a good source for infections. I recommend you get rid of it, and stay away from other p2p file sharing programs as well. The number of infected computers transferring files across those networks is beyond unimaginable.
     
  6. 2007/10/14
    drakonic

    I don't think I added anything to the trusted zone, so I did delete them.

    HJT
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:10:02 PM, on 10/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animethat.com/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 4803 bytes


    And here's the ComboFix
    ComboFix 07-10-14.1 - Kisuay 2007-10-14 12:06:24.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1497 [GMT -7:00]
    Running from: C:\Documents and Settings\Kisuay\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kisuay\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\Program Files\Common Files\lazu440
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\lazu440
    C:\Temp\xOe
    C:\Temp\xOe\tOasF.log
    C:\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz
    C:\WINDOWS\system32\ab2
    C:\WINDOWS\system32\cz1
    C:\WINDOWS\system32\vMW02a
    C:\WINDOWS\system32\vz3
    C:\WINDOWS\system32\vz3\gcbb83122.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
    .

    2007-10-13 23:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-13 23:04 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-13 18:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-13 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-13 00:16 <DIR> d-------- C:\Program Files\Oblivion
    2007-10-12 16:41 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-10-12 08:51 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-10-12 08:51 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
    2007-10-12 08:11 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-12 08:11 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0525.sys
    2007-10-12 08:06 <DIR> d-------- C:\Program Files\Codemasters
    2007-10-11 20:16 <DIR> d-------- C:\Program Files\NCSoft
    2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\GetRightToGo
    2007-10-11 17:26 <DIR> d-------- C:\Program Files\Trymedia
    2007-10-11 17:26 <DIR> d-------- C:\Program Files\Hexacto Games
    2007-10-11 16:20 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-11 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-11 16:18 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\Grisoft
    2007-10-11 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-11 16:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-11 15:30 <DIR> d-------- C:\Program Files\Undisker
    2007-10-10 21:55 <DIR> d-------- C:\Program Files\Azureus
    2007-10-10 21:55 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\Azureus
    2007-10-10 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-10-10 21:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\DivX
    2007-10-09 17:45 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2007-10-09 17:44 <DIR> d-------- C:\WINDOWS\Sun
    2007-10-09 03:28 <DIR> d-------- C:\Program Files\Google
    2007-10-08 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-08 18:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-10-08 18:55 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-08 17:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Shared
    2007-10-08 17:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Incomplete
    2007-10-08 17:19 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\LimeWire
    2007-10-08 17:18 <DIR> d-------- C:\Program Files\Java
    2007-10-08 17:17 <DIR> d-------- C:\Program Files\Winamp
    2007-10-08 17:17 <DIR> d-------- C:\Program Files\LimeWire
    2007-10-08 17:17 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-08 03:42 <DIR> d-------- C:\WINDOWS\system32\Lang
    2007-10-08 00:39 <DIR> d-------- C:\Program Files\Veoh Networks
    2007-10-08 00:33 <DIR> d-------- C:\Program Files\DivX
    2007-10-08 00:33 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\Talkback
    2007-10-08 00:32 <DIR> d---s---- C:\Documents and Settings\Kisuay\UserData
    2007-10-08 00:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-10-07 22:42 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-10-07 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-10-07 22:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-10-07 22:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-10-07 22:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-10-07 22:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-10-07 22:39 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-10-07 22:36 <DIR> d-------- C:\Program Files\Temporary
    2007-10-07 22:33 <DIR> d-------- C:\Temp
    2007-10-07 22:26 <DIR> d-------- C:\Program Files\Bethesda Softworks
    2007-10-07 22:24 <DIR> d-------- C:\Documents and Settings\Kisuay\Contacts
    2007-10-07 22:23 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-10-07 22:18 <DIR> d-------- C:\Program Files\Gigabyte
    2007-10-07 22:18 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
    2007-10-07 22:18 81,920 --a------ C:\WINDOWS\system32\Install6x.dll
    2007-10-07 22:18 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-07 22:18 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
    2007-10-07 22:18 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
    2007-10-07 22:18 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
    2007-10-07 22:11 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
    2007-10-07 22:04 <DIR> d-------- C:\WINDOWS\nview
    2007-10-07 22:04 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-10-07 22:02 <DIR> d-------- C:\Program Files\Realtek
    2007-10-07 22:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-07 22:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2007-10-07 22:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-07 22:01 <DIR> d-------- C:\Program Files\DIFX
    2007-10-07 22:01 <DIR> d-------- C:\Documents and Settings\Kisuay\Application Data\InstallShield
    2007-10-07 22:01 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
    2007-10-07 22:01 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-10-07 22:01 356,352 --a------ C:\WINDOWS\system32\nvuide.exe
    2007-10-07 22:01 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2007-10-07 22:01 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
    2007-10-07 22:00 14,656 --a------ C:\WINDOWS\gdrv.sys
    2007-10-07 22:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-09-28 09:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 09:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 09:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-09-28 09:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 09:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 09:19 10 ----a-w C:\Program Files\.autoreg
    2007-10-08 05:23 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
    2007-10-08 05:02 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-10-08 04:55 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-28 16:07 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-09-28 16:07 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-09-28 16:07 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-09-28 16:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-09-28 16:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-09-28 16:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
    "nwiz "= "nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-01-30 03:54 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 16:19]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "Veoh "= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
    "PlayNC Launcher "= "C:\program files\ncsoft\launcher\NCLauncher.exe" [2007-08-21 07:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    GN-WP01GS Utility.lnk - C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe [2007-10-07 22:18:45]

    S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-14 12:07:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-14 12:07:23
    C:\ComboFix2.txt ... 2007-10-13 23:13
    .
    --- E O F ---
    I might get rid of LimeWire, not sure yet; it doesn't cause me many problems, but I'll think on it.
    Thanks :)
    So how far are we now?
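
Added example, not part of the original posts and not ComboFix's own code: a Python check that reads the CFScript targets from the earlier post and confirms against a follow-up log that each one is gone. The log excerpts are shortened from the two ComboFix logs in this thread; the function names and status labels are assumptions of this example.

```python
import re

# CFScript from the post above, shortened to five of its targets.
CFSCRIPT = r"""File::
C:\Program Files\Common Files\lazu440
Folder::
C:\WINDOWS\system32\vz3
C:\Temp\xOe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66ABDFCA-86AC-44C6-B14B-CCA51336B523}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxwu]
"""

# Shortened excerpt of the first ComboFix log (before the script ran).
BEFORE_LOG = r"""
(((((( Files Created from 2007-09-14 to 2007-10-14 ))))))
.
2007-10-07 22:33 <DIR> d-------- C:\WINDOWS\system32\vz3
2007-10-07 22:33 <DIR> d-------- C:\Temp\xOe
2007-10-07 22:33 <DIR> d-------- C:\Temp
(((((( Find3M Report ))))))
2007-10-11 23:04 246 ----a-w C:\Program Files\Common Files\lazu440
(((((( Reg Loading Points ))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66ABDFCA-86AC-44C6-B14B-CCA51336B523}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5012C5A-870B-4910-40BF-BF5726860941}]
C:\Program Files\Common Files\lazu440.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxwu]
"""

# Shortened excerpt of the second ComboFix log (after the script ran).
AFTER_LOG = r"""
FILE::
C:\Program Files\Common Files\lazu440
(((((( Other Deletions ))))))
C:\Program Files\Common Files\lazu440
C:\Temp\xOe
C:\WINDOWS\system32\vz3
C:\WINDOWS\system32\vz3\gcbb83122.exe
(((((( Files Created from 2007-09-14 to 2007-10-14 ))))))
2007-10-07 22:33 <DIR> d-------- C:\Temp
(((((( Reg Loading Points ))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"""

BANNER = re.compile(r"^\(\(+\s*(.+?)\s*\)\)+$")  # "((((( Section )))))"

def parse_cfscript(text):
    """Return {'file': [...], 'folder': [...], 'registry': [...]}."""
    out, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1).lower()
            out.setdefault(current, [])
        elif line and current:
            # "[-KEY]" requests deletion of KEY; keep only the key path.
            key = re.fullmatch(r"\[-(.+)\]", line)
            out[current].append(key.group(1) if key else line)
    return out

def split_log(text):
    """Group log lines by banner; the preamble is stored under ''."""
    sections, name = {"": []}, ""
    for line in map(str.strip, text.splitlines()):
        banner = BANNER.match(line)
        if banner:
            name = banner.group(1)
            sections.setdefault(name, [])
        elif line and line != ".":
            sections[name].append(line)
    return sections

def mentions(line, target):
    # Match target itself or a child path, but not 'lazu440.dll' for 'lazu440'.
    pattern = re.escape(target) + r'(?=$|[\\\]"])'
    return re.search(pattern, line, re.IGNORECASE) is not None

def audit(script_text, log_text):
    """Map each script target to (status, sections still listing it)."""
    log = split_log(log_text)
    deleted = log.get("Other Deletions", [])
    report = {}
    for targets in parse_cfscript(script_text).values():
        for t in targets:
            # The preamble echoes the script and "Other Deletions" lists
            # removals, so neither counts as evidence that t survived.
            hits = sorted(sec for sec, lines in log.items()
                          if sec not in ("", "Other Deletions")
                          and any(mentions(ln, t) for ln in lines))
            gone = any(mentions(ln, t) for ln in deleted)
            status = "still present" if hits else "deleted" if gone else "not seen"
            report[t] = (status, hits)
    return report

if __name__ == "__main__":
    for name, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for target, result in audit(CFSCRIPT, log).items():
            print(name, result, target)
```

For a registry target, "not seen" in the follow-up log is the expected result: the log in this thread lists removed files and folders under Other Deletions, while a removed key simply no longer appears under Reg Loading Points.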
     
  7. 2007/10/14
    noahdfear

    Let's make sure we haven't missed anything. Please do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log.
     
  8. 2007/10/14
    drakonic

    Here is my new Kaspersky log.


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, October 14, 2007 8:07:51 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/10/2007
    Kaspersky Anti-Virus database records: 436048
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 31863
    Number of viruses found: 5
    Number of infected objects: 34
    Number of suspicious objects: 0
    Duration of the scan process: 00:25:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\dfsr.db Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\fsr.log Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Messenger\kogawa_shizuki@hotmail.com\SharingMetadata\Working\database_FAE8_244F_E824_C87\tmp.edb Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows Live Contacts\kogawa_shizuki@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Application Data\Microsoft\Windows Live Contacts\kogawa_shizuki@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF23AE.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF23B9.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF2CD0.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temp\~DF2CE3.tmp Object is locked skipped
    C:\Documents and Settings\Kisuay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kisuay\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Kisuay\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-10-13.23-12-21.log Object is locked skipped
    C:\qoobox\Quarantine\C\Program Files\MSN\honepaqe4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\Program Files\MSN\honepaqe83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\Qmx1ZSBtb29uIG1hZ2Vz\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\axtkligh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\tyqpoqsu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\vz3\gcbb83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\vz3\gcbb83122.exe.vir NSIS: infected - 1 skipped
    C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir NSIS: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000187.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000209.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000209.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000215.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000219.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000221.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP10\A0000223.old Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000310.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000310.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000312.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP12\A0000312.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP13\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP14\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP15\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP16\A0000365.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP16\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP23\A0001216.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP25\A0005250.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP34\A0007566.dll Object is locked skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007592.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007593.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007594.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007595.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007599.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007602.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP35\A0007602.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP36\A0007663.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP36\A0007663.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{06777C44-8196-4483-8DA0-8020E8CFF658}\RP36\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd0525.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  9. 2007/10/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're in good shape. Infected files are quarantined by ComboFix. :)

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created.

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected as well.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click Next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click Next.


    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
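
The reading of the report that the reply above relies on, sorting each detection by where it sits (ComboFix's qoobox quarantine, a System Restore point, or anywhere else), as an added example that is not part of the original thread. The function names and sample rows are constructed for illustration, and treating a row such as `NSIS: infected - 1` as a per-archive summary is an assumption read off the report's layout.

```python
import re
from collections import Counter

# Constructed sample in the report's "path / verdict / last action" layout;
# file names and the restore GUID are placeholders, not entries from the log.
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\example1.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\example2.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\example2.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP10\A0000001.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
"""

# Paths contain spaces, so match the verdict from the right-hand side.
ROW = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>Object is locked|Infected: \S+|\w+: infected - \d+)\s+(?P<action>\w+)$"
)

def classify(path):
    """Say where a flagged file sits: quarantine, restore_point, or live."""
    p = path.lower()
    if re.match(r"^[a-z]:\\qoobox\\quarantine\\", p):
        return "quarantine"      # ComboFix quarantine folder (removed by ComboFix /u)
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # backup copy, gone once restore points are cleared
    return "live"                # anywhere else still needs attention

def triage(report):
    """Split report rows into locked files, archive summaries and detections."""
    locked, containers, detections = 0, 0, []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                          # header, statistics, blank lines
        verdict = m["verdict"]
        if verdict == "Object is locked":
            locked += 1                       # file in use, not a detection
        elif verdict.startswith("Infected: "):
            name = verdict[len("Infected: "):]
            detections.append((classify(m["path"]), m["path"], name))
        else:
            containers += 1                   # assumed summary row for a packed file
    by_location = Counter(loc for loc, _, _ in detections)
    live = [d for d in detections if d[0] == "live"]
    return {"locked": locked, "containers": containers,
            "by_location": dict(by_location), "live": live}
```

An empty `live` list is the condition under which uninstalling ComboFix and clearing the restore points accounts for every detection in the report.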
     
