
HijackThis log file (Stop Trojan attacks)

Discussion in 'Virus & Other Malware Removal' started by Red Peasant, Oct 10, 2006.

  1. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    I am having problems with trojan attacks. Even though my anti-virus programs are currently able to handle and delete them, there may be one of these days that one of these devils may sneak through. So how can I stop the attacks once and for all? I believe I must have some weakness that these guys are using.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:47:54 AM, on 10/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
    D:\Program Files\Norton AntiVirus\SAVScan.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\PROGRA~1\PRINTV~1\pvmodule.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Hijackthis\HijackThis.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - blank (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - D:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.exe
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbfi32 - D:\WINDOWS\SYSTEM32\winbfi32.dll
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!



    Please download (save) SmitfraudFix (by S!Ri) to your desktop.
    Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and extract them to a new folder called SmitfraudFix.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  3. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    SmitFraudFix v2.105

    Scan done at 20:04:30.85, Wed 10/11/2006
    Run from D:\Documents and Settings\Roger\Desktop\Cure\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Roger


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Roger\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Roger\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    So what now?
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You have two anti-virus programs running, which will cause trouble. Uninstall one or set it for on-demand only.



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.



    Run HJT again and put a check in the following:

    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - blank (file missing)
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - D:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
    O20 - Winlogon Notify: winbfi32 - D:\WINDOWS\SYSTEM32\winbfi32.dll

    Close all applications and browser windows before you click "fix checked".



    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy the entire contents of the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
     
  5. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\iqsaivce

    *******************

    Script file located at: \??\D:\Program Files\loqavcqk.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at D:\Avenger

    *******************

    Beginning to process script file:



    File D:\WINDOWS\SYSTEM32\winbfi32.dll not found!
    Deletion of file D:\WINDOWS\SYSTEM32\winbfi32.dll failed!

    Could not process line:
    D:\WINDOWS\SYSTEM32\winbfi32.dll
    Status: 0xc0000034

    Folder D:\PROGRA~1\PRINTV~1 deleted successfully.
    Folder D:\Program Files\ToolBar888 deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    -------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 2:37:47 PM, on 10/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\WINDOWS\system32\notepad.exe
    D:\Program Files\Hijackthis\HijackThis.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\wuauclt.exe

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Disable SpywareGuard:
    Right-click on the SG icon in your system tray and SpywareGuard should open.
    Click "Options" and then uncheck these options under the "General" tab:
    Enable Real-Time Scanning
    Enable Download Protection
    Enable Browser Hijack Protection
    Click "Save Settings"

    ** When we have completed all of your fixes, please re-enable these settings.


    Step 1: Download and install AVG Anti-Spyware 7.5. AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP.
    (This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.)
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
    • When you find the guard service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Manual".
    • Now click "Apply", then "OK" and close the Services window.
    9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

    Step 2: Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Step 3: Scan with AVG Anti-Spyware as follows:
    1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?" check all (default).
    • Under "Possibly unwanted software" check all (default).
    • Under "What to Scan?" make sure "Scan every file" is selected (default).
    • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
    1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

    2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
     
  7. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    The report is in the attachment as the system said that I am uploading more than 20 images, which I did not.

    The report only contains the Documents & Settings and System. As for the System32 folder, I only scanned it after that and no report was generated, as it is clean.
     

    Attached Files:

  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)

    Close all applications and browser windows before you click "fix checked".

    Please post your HJT log again.
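
Added example (not part of the thread and not any poster's code): a small Python check that compares a list of HijackThis entries marked for fixing against a later scan and reports which ones are gone and which are still registered but orphaned as "(file missing)". The entry lines are excerpted from the logs above; the function names and the matching rule (section plus CLSID, else section plus entry label) are assumptions made for this sketch.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*([ORFN]\d+)\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"[^\[]*\[[^\]]*\]")  # e.g. HKLM\..\Run: [PVModule]
MISSING = "(file missing)"

# Entries the helper asked to fix (copied from the thread).
FIX_LIST = r"""
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - blank (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - D:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - D:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [PVModule] D:\PROGRA~1\PRINTV~1\pvmodule.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O20 - Winlogon Notify: winbfi32 - D:\WINDOWS\SYSTEM32\winbfi32.dll
"""

# Excerpt of the follow-up scan posted after the fix (copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\winlogon.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
"""


def entry_key(section, body):
    """Identity of an entry across scans: CLSID if present, else its label."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).lower())
    named = RUN_NAME_RE.match(body)
    label = named.group(0) if named else re.split(r" - | = ", body)[0]
    return (section, label.strip().lower())


def parse_entries(log_text):
    """Map entry key -> (body, file_missing) for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and process-list lines do not match and are skipped
            section, body = m.groups()
            entries[entry_key(section, body)] = (body, body.endswith(MISSING))
    return entries


def check_fixes(fix_list, later_log):
    """Return [(key, status)] with status removed / orphaned / present."""
    later = parse_entries(later_log)
    results = []
    for key in parse_entries(fix_list):
        if key not in later:
            status = "removed"
        elif later[key][1]:
            status = "orphaned"   # registry entry remains, target file is gone
        else:
            status = "present"    # entry and its file are both still there
        results.append((key, status))
    return results


if __name__ == "__main__":
    for (section, ident), status in check_fixes(FIX_LIST, FOLLOWUP_LOG):
        print(f"{status:9} {section:4} {ident}")
```
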
     
  9. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    Logfile of HijackThis v1.99.1
    Scan saved at 8:14:18 PM, on 10/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Hijackthis\HijackThis.exe
    D:\Program Files\Mozilla Firefox\firefox.exe

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Looks good, any problems?
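
    The "(file missing)" entries picked out of the logs in this thread can be listed mechanically for review. The following is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical and the sample is a few lines copied from the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\winlogon.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - D:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
"""

# "<section code> - <label>: <detail>", e.g. "O2 - BHO: ...". Process paths
# such as "D:\WINDOWS\..." do not match because they lack the " - " separator.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<label>[^:]+): (?P<detail>.*)$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        detail = m.group("detail")
        missing = MISSING_RE.search(detail) is not None
        detail = MISSING_RE.sub("", detail)
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": m.group("code"),
            "label": m.group("label"),
            "name": detail.split(" - ")[0],
            "clsid": clsid.group(0) if clsid else None,
            "file_missing": missing,
        })
    return entries


def orphaned_by_section(entries):
    """Group entries whose target file HijackThis reported as missing."""
    grouped = defaultdict(list)
    for e in entries:
        if e["file_missing"]:
            grouped[e["code"]].append(e)
    return dict(grouped)


if __name__ == "__main__":
    for code, items in sorted(orphaned_by_section(parse_entries(SAMPLE_LOG)).items()):
        for e in items:
            print(f"{code:4} {e['label']:16} {e['name']}  clsid={e['clsid']}")
```

    Of the three lines flagged in the sample, only the ToolBar888 BHO is the one the helper in this thread asked to have fixed, so the output is a review list rather than a fix list.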
     
  11. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    Thanks for all your help these past few days; my PC is running a lot better. However, I still have a little problem.

    I can't seem to install the Microsoft patch from its automatic updates: Security Update for Microsoft .NET Framework, Version 2.0 (KB922770)
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  13. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go here to download AlcanShorty_en.exe and save it to your desktop.
    • Double click the alcanShorty.exe file and follow prompts.
    • It will make a folder on desktop called Alcan Shorty
    • Open the Alcan Shorty folder & double click the run.bat file to run it.
    • This will download a file called BFU.exe and a BFU script.
    • If your firewall asks for permission to connect to the internet you must allow it.
    • A message box will pop up saying "complete".
    • Be patient and wait for the message box to appear as it may take some time.
    • Press OK then BFU.exe will open.
    • Select the option to "Show log after script ends"
    • Execute the script by clicking the Execute button.
    • Note that you should see a progress bar while the script is being executed.
    • When the script has finished press "copy" and that will make a copy of the report in your clipboard.
    • Paste the log into Notepad and save it to your desktop to post back here later.
    Note: If you have any questions about the use of BFU please read here.

    Reboot and post a new HijackThis log please.
     
  15. Red Peasant

    Red Peasant Thread Starter

    Joined:
    Oct 10, 2006
    Messages:
    37
    Here you go

    BFU v1.00.9
    Windows XP SP2 (WinNT 5.01.2600 SP2)
    Script started at 11:05:05 PM, on 10/18/2006

    Option Unload Explorer: Yes
    Failed: DllUnregister D:\WINDOWS\DH.dll|1 (file not found)
    Failed: DllUnregister D:\Program Files\Deskbar\deskbar.dll|1 (file not found)
    Failed: DllUnregister \asappsrv.dll|1 (file not found)
    Failed: DllUnregister \MyToolBar.dll (file not found)
    Failed: ServiceStop Network Monitor (service not found)
    Failed: ServiceStop cmdService (service not found)
    Failed: ServiceDisable Network Monitor (service not found)
    Failed: ServiceDisable cmdService (service not found)
    Failed: ServiceDelete Network Monitor (service not found)
    Failed: ServiceDelete cmdService (service not found)
    Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
    Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
    Option pause between commands: 300 ms
    Option pause between commands: 50 ms
    Failed: FolderDelete D:\Program Files\MsConfigs (folder not found)
    Failed: FolderDelete D:\Program Files\winupdates (folder not found)
    Failed: FolderDelete D:\Program Files\winupdate (folder not found)
    Failed: FolderDelete D:\Program Files\winsupdater (folder not found)
    Failed: FolderDelete D:\Program Files\MsUpdate (folder not found)
    Failed: FolderDelete D:\Program Files\MsMovies (folder not found)
    Failed: FolderDelete D:\Program Files\wmplayer (folder not found)
    Failed: FolderDelete D:\Program Files\outlook (folder not found)
    Failed: FileDelete D:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
    Failed: FileDelete D:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
    Failed: FileDelete D:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
    Failed: FolderDelete D:\Program Files\toolbar888 (folder not found)
    Failed: FolderDelete D:\Program Files\e-mailpaysu toolbar (folder not found)
    Failed: FolderDelete D:\Program Files\EMUSIC TOOLBAR (folder not found)
    Failed: FolderDelete D:\Program Files\find dvd toolbar (folder not found)
    Failed: FolderDelete D:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
    Failed: FolderDelete D:\Program Files\sesam-p4 toolbar (folder not found)
    Failed: FolderDelete D:\Program Files\slownik ling (folder not found)
    Failed: FolderDelete D:\Program Files\MediaPipe (folder not found)
    Failed: FolderDelete D:\Program Files\p2pnetworks (folder not found)
    Failed: FileDelete D:\DOCUME~1\Roger\LOCALS~1\Temp\~DF3C5B.tmp (operation failed)
    Failed: FileDelete D:\DOCUME~1\Roger\LOCALS~1\Temp\~DFC695.tmp (operation failed)
    Failed: FileDelete D:\DOCUME~1\Roger\LOCALS~1\Temp\~DFD9A9.tmp (operation failed)
    Failed: FileDelete D:\DOCUME~1\Roger\LOCALS~1\Temp\~DFEFEA.tmp (operation failed)
    Failed: FolderDelete D:\Program Files\Maxifiles (folder not found)
    Failed: FolderDelete D:\Program Files\DNS (folder not found)
    Failed: FolderDelete D:\Program Files\EQAdvice (folder not found)
    Failed: FolderDelete D:\Program Files\FCAdvice (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\FreeProd1 (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\FreeProd2 (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\InetGet (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\InetGet2 (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\svchostsys (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\simtest (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderDelete D:\Program Files\InetGet2 (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\VCClient (folder not found)
    Failed: FolderDelete D:\Program Files\Network Monitor (folder not found)
    Failed: FolderDelete D:\WINDOWS\inet20001 (folder not found)
    Failed: FolderDelete D:\Program Files\Update06 (folder not found)
    Failed: FolderDelete D:\Program Files\Update03 (folder not found)
    Failed: FolderDelete D:\Program Files\Update04 (folder not found)
    Failed: FolderDelete D:\Program Files\Update08 (folder not found)
    Failed: FolderDelete D:\Program Files\W-Update (folder not found)
    Failed: FolderDelete D:\Program Files\Yazzle Sudoku (folder not found)
    Failed: FolderDelete D:\Program Files\Cas (folder not found)
    Failed: FolderDelete D:\Program Files\CasStub (folder not found)
    Failed: FolderDelete D:\Program Files\Cas2Stub (folder not found)
    Failed: FolderDelete D:\Program Files\ipwins (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\Snowball Wars (folder not found)
    Failed: FolderDelete C:\temp (folder not found)
    Failed: FolderDelete D:\WINDOWS\mdrive (folder not found)
    Failed: FolderDelete D:\WINDOWS\system32\crunner (folder not found)
    Failed: FolderDelete D:\Program Files\PECarlin (folder not found)
    Failed: FolderDelete D:\Program Files\AXVenore (folder not found)
    Failed: FolderDelete D:\Program Files\SDVita (folder not found)
    Failed: FolderDelete D:\Program Files\EQBranch (folder not found)
    Failed: FolderDelete D:\Program Files\EQArticle (folder not found)
    Failed: FolderDelete D:\Program Files\PSHope (folder not found)
    Failed: FolderDelete D:\Program Files\Batty (folder not found)
    Failed: FolderDelete D:\Program Files\Batty2 (folder not found)
    Failed: FolderDelete D:\Program Files\AXFibula (folder not found)
    Failed: FolderDelete D:\Program Files\CMFibula (folder not found)
    Failed: FolderDelete D:\Program Files\PSLister (folder not found)
    Failed: FolderDelete D:\Program Files\PSCloner (folder not found)
    Failed: FolderDelete D:\Program Files\cmapp (folder not found)
    Failed: FolderDelete D:\Program Files\cmman (folder not found)
    Failed: FolderDelete D:\Program Files\cmsystem (folder not found)
    Failed: FolderDelete D:\Program Files\fcengine (folder not found)
    Failed: FolderDelete D:\Program Files\wincmapp (folder not found)
    Failed: FolderDelete D:\Program Files\Deskbar\Cache (folder not found)
    Failed: FolderDelete D:\Program Files\popupwithcast (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\cloader (folder not found)
    Failed: FolderDelete D:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderCreate D:\bintheredunthat (folder already exists)
    Failed: FileMove D:\WINDOWS\win*-*.exe|D:\bintheredunthat (source file not found)
    Script completed.
     
Short URL to this thread: https://techguy.org/508362
