
HijackThis logfile... can anyone tell me what to do?

Discussion in 'Virus & Other Malware Removal' started by joegallard, Jan 25, 2007.

  1. joegallard

    joegallard Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    7
    Logfile of HijackThis v1.99.1
    Scan saved at 09:58:02, on 25/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\tms42\Tms4.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\TimeLeft3\TimeLeft.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Alerter Client.exe.lnk = ?
    O4 - Startup: RoadAngel USB.lnk = ?
    O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...tonmartin.com/configurator/vanquish_load.html
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - https://www4.king.com/midasa.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://2003server/capella/Codebase/arview2.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emeadailydemos.webex.com/client/T23L/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pangbourne2.local
    O17 - HKLM\Software\..\Telephony: DomainName = pangbourne2.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pangbourne2.local
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Why have you got 2 antiviruses?

    AVG & Symantec

    They will prevent each other from fixing the problem.

    Choose which one you want & uninstall the other

    then

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    & post a new HJT log
     
  3. joegallard

    joegallard Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    7
    Cheers for that, have deleted AVG... results from combofix were:


    "joe" - 07-01-25 12:35:22 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Joe"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\taskdir.exe
    C:\WINDOWS\system32\zlbw.dll


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


    2007-01-25 12:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
    2007-01-24 15:27 <DIR> d-------- C:\Downloads
    2007-01-24 15:26 <DIR> d-------- C:\Program Files\BitComet
    2007-01-24 10:08 <DIR> d--h----- C:\WINDOWS\PIF
    2007-01-24 09:11 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-01-23 16:21 <DIR> d-------- C:\Program Files\Hijackthis
    2007-01-23 15:26 <DIR> d-------- C:\fixwareout
    2007-01-23 10:31 32,387 --a------ C:\WINDOWS\system32\sgsanTk.exe
    2007-01-22 16:24 32,387 --a------ C:\WINDOWS\system32\cAltRM3.exe
    2007-01-22 15:01 32,387 --a------ C:\WINDOWS\system32\game5.exe
    2007-01-22 12:35 <DIR> d-------- C:\WINDOWS\WBEM
    2007-01-22 12:35 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-01-22 12:34 <DIR> d--h-c--- C:\WINDOWS\ie7
    2007-01-22 12:32 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-01-22 12:31 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game4.exe
    2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game2.exe
    2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game1.exe
    2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\adirss.exe
    2007-01-22 08:44 48,259 --a------ C:\WINDOWS\system32\game3.exe
    2007-01-22 08:44 47,235 ---h----- C:\WINDOWS\system32\alsys.exe
    2007-01-22 08:44 31,363 --a------ C:\WINDOWS\system32\ru8Baf5.exe
    2007-01-22 08:43 54,403 --a------ C:\WINDOWS\system32\game0.exe
    2007-01-11 15:54 <DIR> d-------- C:\Program Files\CronoSoft
    2007-01-10 16:15 <DIR> d-------- C:\Program Files\PARTYGAMING
    2007-01-10 12:10 <DIR> d-------- C:\Program Files\Mozilla Firefox
    2007-01-05 11:13 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-01-05 11:13 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-01-05 11:13 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-24 15:27 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-01-24 10:40 -------- d-------- C:\Program Files\symantec antivirus
    2007-01-24 10:06 -------- d-------- C:\Program Files\symantec
    2007-01-23 11:43 -------- d-------- C:\Program Files\documents and setting
    2007-01-15 12:55 -------- d-------- C:\Program Files\Common Files\installshield
    2007-01-10 12:10 -------- d-------- C:\DOCUME~1\Joe\Application Data\mozilla
    2007-01-10 11:24 -------- d-------- C:\Program Files\java
    2007-01-03 16:45 -------- d---s---- C:\DOCUME~1\Joe\Application Data\microsoft
    2006-12-19 17:04 -------- d-------- C:\Program Files\messenger
    2006-12-19 14:19 -------- d-------- C:\Program Files\opera
    2006-12-18 13:05 -------- d-------- C:\Program Files\movie maker
    2006-12-18 13:01 -------- d-------- C:\Program Files\windows nt
    2006-12-13 11:53 -------- d-------- C:\DOCUME~1\Joe\Application Data\utorrent
    2006-12-12 10:13 -------- d-------- C:\DOCUME~1\Joe\Application Data\adobeum
    2006-12-07 06:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-12-01 11:40 -------- d-------- C:\Program Files\itunes
    2006-12-01 11:40 -------- d-------- C:\Program Files\ipod
    2006-12-01 11:40 -------- d-------- C:\DOCUME~1\Joe\Application Data\apple computer
    2006-12-01 11:39 -------- d-------- C:\Program Files\quicktime
    2006-12-01 11:37 -------- d-------- C:\Program Files\apple software update
    2006-11-27 16:52 -------- d-------- C:\Program Files\timeleft3
    2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "igfxtray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\System32\\igfxpers.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Agent"="C:\\WINDOWS\\system32\\alsys.exe"
    "SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"
    "Agent"="C:\\WINDOWS\\system32\\alsys.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "taskdir"="C:\\WINDOWS\\system32\\taskdir.exe"
    "Agent"="C:\\WINDOWS\\system32\\alsys.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 07-01-25 12:38:28
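One way to do the cross-check dvk01 is doing by eye in this thread, as an added example that is not part of the thread and not HijackThis or ComboFix code: parse the O4 autostart lines from the HijackThis log and the "Files Created" lines from the ComboFix log, flag autostarts that point at files created inside the ComboFix window (noting the hidden attribute), and flag bursts of new executables landing in system32 within one minute. The sample lines are copied from the two logs posted above; reading an 'h' in ComboFix's attribute column as the hidden attribute is an assumption.

```python
"""Triage helper for two log formats in this thread: HijackThis O4 autostart lines and
ComboFix 'Files Created' lines.  Added example, not HijackThis/ComboFix or thread code."""
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alerter Client.exe.lnk = ?
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
"""

# Sample input: lines copied from the ComboFix 'Files Created' section in this thread.
COMBOFIX_LOG = r"""
2007-01-25 12:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-23 10:31 32,387 --a------ C:\WINDOWS\system32\sgsanTk.exe
2007-01-22 12:32 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\game1.exe
2007-01-22 08:44 6,275 --a------ C:\WINDOWS\system32\adirss.exe
2007-01-22 08:44 47,235 ---h----- C:\WINDOWS\system32\alsys.exe
2007-01-22 08:44 31,363 --a------ C:\WINDOWS\system32\ru8Baf5.exe
2007-01-22 08:43 54,403 --a------ C:\WINDOWS\system32\game0.exe
"""

# O4 - HKLM\..\Run: [Name] <command line>
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$')
# O4 - Startup: Name.lnk = <target>   ('?' means HijackThis could not resolve the target)
STARTUP_RE = re.compile(r'^O4 - (?:Global )?Startup: (.*?) = (.*)$')
# First .exe in a command line, quoted or not; arguments after it are dropped.
EXE_RE = re.compile(r'"?(.*?\.exe)', re.IGNORECASE)
# <date> <time> <size or <DIR>> <9-char attribute column> <path>
CF_RE = re.compile(r'^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.*)$')


def parse_combofix(text):
    """Map lower-cased path -> record for each entry ComboFix listed as created."""
    created = {}
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if not m:
            continue
        day, clock, size, attrs, path = m.groups()
        # Assumption: 'h' in ComboFix's attribute column is the hidden attribute ('---h-----' above).
        created[path.lower()] = {"path": path, "date": day, "time": clock,
                                 "is_dir": size == "<DIR>", "hidden": "h" in attrs}
    return created


def parse_autostarts(text):
    """Return (source, name, exe_path_or_None) for every HijackThis O4 line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            entries.append((hive + " Run", name, exe.group(1) if exe else None))
            continue
        m = STARTUP_RE.match(line)
        if m:
            name, target = m.groups()
            entries.append(("Startup folder", name, None if target == "?" else target))
    return entries


def triage(hjt_text, combofix_text, burst_threshold=3):
    """Correlate autostarts with newly created files; return read-only (item, reason) findings."""
    created = parse_combofix(combofix_text)
    findings = []
    for source, name, exe in parse_autostarts(hjt_text):
        if exe is None:
            findings.append((name, f"{source}: target could not be resolved by HijackThis"))
            continue
        rec = created.get(exe.lower())
        if rec is None:
            continue  # file predates the ComboFix window; nothing to correlate
        reasons = [f"{source}: autostart points at a file created {rec['date']} {rec['time']}"]
        if rec["hidden"]:
            reasons.append("file carries the hidden attribute")
        findings.append((name, "; ".join(reasons)))
    # Several executables landing in system32 within one minute is a drop burst worth a manual look.
    bursts = defaultdict(list)
    for rec in created.values():
        p = rec["path"].lower()
        if not rec["is_dir"] and "\\system32\\" in p and p.endswith(".exe"):
            bursts[(rec["date"], rec["time"])].append(rec["path"])
    for (day, clock), paths in sorted(bursts.items()):
        if len(paths) >= burst_threshold:
            findings.append((f"{day} {clock}", f"{len(paths)} new executables in system32 "
                             f"within one minute: " + ", ".join(sorted(paths))))
    return findings


if __name__ == "__main__":
    for item, reason in triage(HJT_LOG, COMBOFIX_LOG):
        print(f"{item:>22}  {reason}")
```

Run against the full logs, the same two heuristics surface the alsys.exe autostart that ComboFix did not remove and the 08:44 batch of game*.exe / adirss.exe / ru8Baf5.exe drops.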
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Let's see how much this fixes before we go in manually to delete.

    Please download WebRoot SpySweeper from HERE (it's a 2-week trial):
    • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory Objects
      • Sweep Windows Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  5. joegallard

    joegallard Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    7
    Ok here is the spy sweeper file..... and



    14:34: Removal process completed. Elapsed time 00:00:25
    14:34: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST2166.tmp". Reason: The system cannot find the file specified
    14:34: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    14:34: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST2166.tmp". Reason: The system cannot find the file specified
    14:34: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    14:34: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST2166.tmp". Reason: The system cannot find the file specified
    14:33: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    14:33: Quarantining All Traces: yadro cookie
    14:33: Quarantining All Traces: passion cookie
    14:33: Quarantining All Traces: go.com cookie
    14:33: Quarantining All Traces: did-it cookie
    14:33: Quarantining All Traces: overture cookie
    14:33: Quarantining All Traces: atwola cookie
    14:33: Quarantining All Traces: ask cookie
    14:33: Quarantining All Traces: xiti cookie
    14:33: Quarantining All Traces: myaffiliateprogram.com cookie
    14:33: Quarantining All Traces: trb.com cookie
    14:33: Quarantining All Traces: toplist cookie
    14:33: Quarantining All Traces: tacoda cookie
    14:33: Quarantining All Traces: partypoker cookie
    14:33: Quarantining All Traces: 2o7.net cookie
    14:33: Quarantining All Traces: webtrends cookie
    14:33: Quarantining All Traces: infospace cookie
    14:33: Quarantining All Traces: ic-live cookie
    14:33: Quarantining All Traces: burstnet cookie
    14:33: Quarantining All Traces: bizrate cookie
    14:33: Quarantining All Traces: a cookie
    14:33: Quarantining All Traces: atlas dmt cookie
    14:33: Quarantining All Traces: touchclarity cookie
    14:33: Quarantining All Traces: hbmediapro cookie
    14:33: Quarantining All Traces: yieldmanager cookie
    14:33: Quarantining All Traces: about cookie
    14:33: Quarantining All Traces: 180search assistant/zango
    14:33: Quarantining All Traces: systemprocess
    14:33: Quarantining All Traces: trojan-backdoor-securemulti
    14:33: Removal process initiated
    14:33: Traces Found: 77
    14:33: Full Sweep has completed. Elapsed time 00:41:00
    14:33: File Sweep Complete, Elapsed Time: 00:35:36
    14:27: Warning: Failed to access drive D:
    14:26: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0598o.htm". The operation completed successfully
    14:26: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0598n.htm". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05687.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05685.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05684.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05683.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05682.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567z.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567w.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567v.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567u.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567t.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567n.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567m.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567l.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0567k.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567j.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567g.htm". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567e.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0567c.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05670.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566z.htm". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566t.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566j.htm". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566d.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566c.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566a.htm". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05666.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05662.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr05660.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0565q.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0565o.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0565f.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0565a.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05659.js". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05652.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0566h.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0564s.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\opcache\opr0564n.xml". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0564g.htm". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05647.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05646.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05645.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr05643.gif". The operation completed successfully
    14:25: Warning: Failed to open file "c:\documents and settings\joe\application data\opera\opera\profile\cache4\opr0563z.gif". The operation completed successfully
    13:57: Starting File Sweep
    13:57: Cookie Sweep Complete, Elapsed Time: 00:00:04
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 3743)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3557)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 6444)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 2038)
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 2729)
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 3113)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 2728)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 2523)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3106)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 2027)
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 2255)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 2245)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 6445)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 3751)
    13:57: c:\documents and settings\mpl\cookies\[email protected][2].txt (ID = 2037)
    13:57: c:\documents and settings\mpl\cookies\[email protected][1].txt (ID = 1957)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 3743)
    13:57: Found Spy Cookie: yadro cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3557)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 6444)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2038)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2729)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 3113)
     
  6. joegallard

    joegallard Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    7
    13:57: Found Spy Cookie: passion cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2728)
    13:57: Found Spy Cookie: go.com cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2523)
    13:57: Found Spy Cookie: did-it cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3106)
    13:57: Found Spy Cookie: overture cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2027)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2255)
    13:57: Found Spy Cookie: atwola cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2245)
    13:57: Found Spy Cookie: ask cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 6445)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3751)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2037)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3717)
    13:57: Found Spy Cookie: xiti cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 3032)
    13:57: Found Spy Cookie: myaffiliateprogram.com cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2337)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3587)
    13:57: Found Spy Cookie: trb.com cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 3557)
    13:57: Found Spy Cookie: toplist cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 6444)
    13:57: Found Spy Cookie: tacoda cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3111)
    13:57: Found Spy Cookie: partypoker cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 1958)
    13:57: Found Spy Cookie: 2o7.net cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2038)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 3669)
    13:57: Found Spy Cookie: webtrends cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2865)
    13:57: Found Spy Cookie: infospace cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2821)
    13:57: Found Spy Cookie: ic-live cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2038)
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2336)
    13:57: Found Spy Cookie: burstnet cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2308)
    13:57: Found Spy Cookie: bizrate cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2027)
    13:57: Found Spy Cookie: a cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2253)
    13:57: Found Spy Cookie: atlas dmt cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 3566)
    13:57: Found Spy Cookie: touchclarity cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][1].txt (ID = 2768)
    13:57: Found Spy Cookie: hbmediapro cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 3751)
    13:57: Found Spy Cookie: yieldmanager cookie
    13:57: c:\documents and settings\joe\cookies\[email protected][2].txt (ID = 2037)
    13:57: Found Spy Cookie: about cookie
    13:57: Starting Cookie Sweep
    13:57: Registry Sweep Complete, Elapsed Time:00:00:23
    13:57: HKU\WRSS_Profile_S-1-5-21-485200759-2951494589-3153256623-1161\software\system process\ || lastptime (ID = 860390)
    13:57: HKU\WRSS_Profile_S-1-5-21-485200759-2951494589-3153256623-1161\software\system process\ (ID = 860389)
    13:57: HKU\WRSS_Profile_S-1-5-21-485200759-2951494589-3153256623-1161\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (ID = 554173)
    13:57: HKU\S-1-5-21-485200759-2951494589-3153256623-1164\software\system process\ || lastptime (ID = 860390)
    13:57: HKU\S-1-5-21-485200759-2951494589-3153256623-1164\software\system process\ (ID = 860389)
    13:57: Found Adware: systemprocess
    13:57: HKU\S-1-5-21-485200759-2951494589-3153256623-1164\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (ID = 554173)
    13:57: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\saix.dll (ID = 1156675)
    13:57: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/saix.dll\ (ID = 1156667)
    13:57: Found Adware: 180search assistant/zango
    13:57: Starting Registry Sweep
    13:57: Memory Sweep Complete, Elapsed Time: 00:04:01
    13:53: Starting Memory Sweep
    13:53: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || taskdir (ID = 1220571)
    13:53: Found Trojan Horse: trojan-backdoor-securemulti
    13:52: Start Full Sweep
    13:52: Sweep initiated using definitions version 816
    13:52: Spy Sweeper 5.2.3.2138 started
    13:52: | Start of Session, 25 January 2007 |
    ********
    13:52: | End of Session, 25 January 2007 |
    Keylogger: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    13:52: Shield States
    13:52: Spyware Definitions: 816
    13:52: Warning: Virus definitions files are invalid, please update your virus definitions. 220
    13:52: Spy Sweeper 5.2.3.2138 started
    13:52: Spy Sweeper 5.2.3.2138 started
    13:52: | Start of Session, 25 January 2007 |
    ********
    Logfile of HijackThis v1.99.1
    Scan saved at 14:37, on 07-01-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TimeLeft3\TimeLeft.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
    O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Alerter Client.exe.lnk = ?
    O4 - Startup: RoadAngel USB.lnk = ?
    O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\MSN Messenger\1033\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...tonmartin.com/configurator/vanquish_load.html
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - https://www4.king.com/midasa.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://2003server/capella/Codebase/arview2.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emeadailydemos.webex.com/client/T23L/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pangbourne2.local
    O17 - HKLM\Software\..\Telephony: DomainName = pangbourne2.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pangbourne2.local
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the quote box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    then when it reboots

    Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

    Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

    O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe

    now Start killbox,

    Then on killbox top bar press tools/delete temp files, in the pop-up box towards the middle is a drop-down box containing a list of all user accounts. On this drop-down user account box, select your account, select ALL options it will allow you to, then press delete selected temp files, then repeat for every user account listed in that drop-down box

    then post a new HJT log & tell us how it is
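As an added example (not code from this thread, from the moderator, or from HijackThis itself), here is a small Python triage helper that parses lines in the format of the log above and flags the two patterns the reply's fix list illustrates: an autorun entry loading an unvetted binary from a system directory (the O4 alsys.exe line), and a hook whose target file is missing (the O18 msnim line). The sample lines, allowlist and system-directory list are constructed for the example and are not authoritative.

```python
"""Triage helper for HijackThis-style log lines (added example, not from
the thread): parses O-entries, extracts the target path, flags suspects."""
import re

# Constructed sample in the same format as the log above; the alsys.exe O4
# line is the one the moderator asked the poster to fix.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Agent] C:\WINDOWS\system32\alsys.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Illustrative allowlist of already-vetted filenames (an assumption for this
# example, not an authoritative list).
KNOWN_GOOD = {"wgalogon.dll", "ipodservice.exe", "navlogon.dll", "igfxdev.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system")

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cab))", re.IGNORECASE)


def parse_hjt(text):
    """One dict per O-line: kind, raw text, target path (or None), missing flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        p = PATH_RE.search(body)
        entries.append({"kind": kind, "raw": line.strip(),
                        "path": p.group(1) if p else None,
                        "missing": "(file missing)" in body.lower()})
    return entries


def triage(entries):
    """Return (raw_line, reason) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        path = (e["path"] or "").lower()
        name = path.rsplit("\\", 1)[-1]
        if e["missing"]:
            # Orphaned hook: the registry entry survives but its file does not
            findings.append((e["raw"], "orphaned entry: target file is missing"))
        elif e["kind"] in ("O4", "O20", "O23") and name not in KNOWN_GOOD:
            where = "a system directory" if path.startswith(SYSTEM_DIRS) else "a non-system path"
            findings.append((e["raw"], f"{e['kind']} loads unvetted {name} from {where}"))
    return findings
```

Running `triage(parse_hjt(SAMPLE_LOG))` flags the O4 and O18 lines and leaves the vetted O20 and O23 entries alone; a real review would still check each flagged file by hand before removing anything.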
     
Short URL to this thread: https://techguy.org/538189