1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malware/spyware has slowed my system to a crawl

Discussion in 'Virus & Other Malware Removal' started by Waxmanmojo, Nov 12, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Waxmanmojo

    Waxmanmojo Thread Starter

    Joined:
    Aug 22, 2007
    Messages:
    5
    Hi Tech Guys,

    After the tremendous sucess I had with you guys a couple of months ago on my laptop, (well worth my donation I might add), I thought I would post an ongoing problem with my daugthers PC. It would seem she has several pieces of malware/spyware, some I have been able to remove. But others must still be hanging on somewhere. The system is very, very slow. Windows XP based.

    Below is my Hijack and Superantispyware logs. Any help I could get would be greatly appreciated.
    If it turns out to be something else please let me know where I should post.
    Thanks in advance.
    Waxmanmojo

    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:28, on 2007-11-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8524 bytes

    Superantispyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/12/2007 at 05:28 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3342
    Trace Rules Database Version: 1343

    Scan type : Complete Scan
    Total Scan Time : 04:13:31

    Memory items scanned : 462
    Memory threats detected : 0
    Registry items scanned : 5066
    Registry threats detected : 0
    File items scanned : 152965
    File threats detected : 248

    Adware.Tracking Cookie
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][3].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected]eboz[2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected]adedoubler[1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][10].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][11].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][12].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][4].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][5].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][6].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][7].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][8].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][9].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][4].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][4].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][6].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][7].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][4].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][4].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][5].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][6].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][4].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt

    Adware.eZula
    C:\DOCUMENTS AND SETTINGS\MORGAN\LOCAL SETTINGS\TEMP\XSPNLMKW.EXE
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  3. Waxmanmojo

    Waxmanmojo Thread Starter

    Joined:
    Aug 22, 2007
    Messages:
    5
    Ok here is the Active scan, also below is the combofix report I ran it before but forgot to post. Hope it helps, thanks for the reply.


    Incident Status Location

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][4].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][1].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Devin\Cookies\[email protected][2].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][3].txt
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Morgan\Cookies\[email protected][1].txt
    Virus:Trj/Downloader.PME Disinfected C:\Documents and Settings\Morgan\Local Settings\Application Data\Wildtangent\Cdacache\00\0A\E6.dat
    Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\Morgan\Local Settings\Application Data\Wildtangent\Cdacache\00\0A\E9.dat[simple_killw.exe]
    Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Morgan\Local Settings\Temp\bfkxltam.exe
    Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Morgan\Local Settings\Temp\bucvpxoa.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Morgan\Local Settings\Temp\ldifyhio.dll
    Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Morgan\Local Settings\Temp\mmibusyv.exe
    Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Morgan\Local Settings\Temp\ybtdhgxt.exe
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
    Potentially unwanted tool:Application/NirCmd.A Not disinfected F:\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected F:\ComboFix.exe[nircmd.cfexe]

    Combofix log
    ComboFix 07-11-08.1 - Michael 2007-11-12 9:56:50.1 - NTFSx86
    Running from: F:\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\fCOe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\SYSTEM32\bjhiqkll.ini
    C:\WINDOWS\SYSTEM32\eobaajjn.ini
    C:\WINDOWS\system32\llkqihjb.dll
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\njjaaboe.dll
    C:\WINDOWS\system32\oTt02e
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\SYSTEM32\pstwa.bak1
    C:\WINDOWS\SYSTEM32\pstwa.bak2
    C:\WINDOWS\SYSTEM32\pstwa.ini
    C:\WINDOWS\SYSTEM32\pstwa.ini2
    C:\WINDOWS\SYSTEM32\pstwa.tmp
    C:\WINDOWS\system32\sdgeotfn.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-12 09:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-12 08:04 22,112 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
    2007-11-03 13:30 <DIR> d-------- C:\Program Files\Viewpoint
    2007-10-31 13:03 245,408 --a------ C:\WINDOWS\SYSTEM32\unicows.dll
    2007-10-30 19:55 625,032 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
    2007-10-30 19:55 242,056 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
    2007-10-30 19:55 191,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
    2007-10-30 19:55 145,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
    2007-10-30 19:55 39,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
    2007-10-30 19:55 37,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
    2007-10-30 19:55 35,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
    2007-10-30 19:55 27,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
    2007-10-30 19:55 12,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys
    2007-10-14 21:15 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 14:31 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-11-12 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-12 14:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-12 14:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-12 14:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-12 14:01 --------- d-----w C:\Program Files\Symantec
    2007-11-12 13:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-03 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-03 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-03 19:29 --------- d-----w C:\Program Files\AIM6
    2007-10-31 01:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
    2007-10-31 01:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
    2007-10-15 03:32 --------- d-----w C:\Program Files\Yahoo!
    2007-10-15 03:31 --------- d-----w C:\Program Files\Sony
    2007-10-15 03:29 --------- d-----w C:\Program Files\Palm
    2007-10-15 03:25 --------- d-----w C:\Program Files\Knowledge Adventure
    2007-09-18 20:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
    2007-09-18 20:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
    2007-09-18 20:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
    2007-09-18 20:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
    2007-09-18 20:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
    2007-09-18 20:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
    2007-09-18 20:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
    2007-09-18 20:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
    2007-09-18 20:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 13:37]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-02 13:19]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-12-05 09:31]
    "D-Link AirPlus Xtreme G"="C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00]
    "ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-28 20:51]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-09-25 09:47:12]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2004-12-27 17:37:14]

    R0 GBDevice;GBDevice;C:\WINDOWS\system32\drivers\GBDevice.sys
    R0 GoBack2K;GoBack2K;C:\WINDOWS\system32\drivers\GoBack2K.sys
    S2 GBFSHook;GBFSHook;C:\WINDOWS\system32\drivers\GBFSHook.sys
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-10 18:26:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-10 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael.job"
    - C:\PROGRA~1\NORTON~2\Navw32.exe
    .
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger¬ís actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/651130

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice