
Solved: Computer only runs in safe mode.

Discussion in 'Virus & Other Malware Removal' started by obutiny, Jul 8, 2007.

Thread Status:
Not open for further replies.
  1. obutiny

    obutiny Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    6
    I can only run my computer in safe mode. Every time that I try to start it other than in safe mode it just reboots repeatedly. I know that I have ntos.exe. I had pop-ups that were bogging things down so I renamed iexplore (added a "d" at the end). Can someone please help me? Here is my hjt log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:07 PM, on 7/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Documents and Settings\Tiny\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tigernet.obu.edu/
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832210339226033AAC
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xrqdbmvj.dll",forkonce
    O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\system32\KB_963491.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Tiny\LOCALS~1\Temp\17168\gm.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Saj] "C:\Program Files\?icrosoft\r?gedit.exe"
    O4 - HKCU\..\Run: [Wjj] "C:\Program Files\s?stem\w?crtupd.exe"
    O4 - HKCU\..\Run: [Kql] C:\WINDOWS\??crosoft.NET\?ervices.exe
    O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\system32\wcxw.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UE9T\command.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hdhapcep.exe (file missing)
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\cisslfz.exe (file missing)
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
  3. obutiny

    obutiny Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    6
    Sorry that it took me a little while. Thank you so much for your help. My computer starts in normal mode, again. Here are the reports:


    SDFix: Version 1.91

    Run by Tiny on Fri 07/13/2007 at 03:04 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    core
    ntio256
    runtime
    Windows Overlay Components
    windev-62be-3bb8

    ImagePath:
    system32\drivers\core.sys
    \??\C:\WINDOWS\system32\ntio256.sys
    \??\C:\WINDOWS\System32\drivers\runtime.sys
    C:\WINDOWS\cisslfz.exe
    \??\C:\WINDOWS\system32\windev-62be-3bb8.sys

    core - Deleted
    ntio256 - Deleted
    Windows Overlay Components - Deleted
    windev-62be-3bb8 - Deleted

    Killing PID 512 'smss.exe'
    Killing PID 584 'winlogon.exe'
    Killing PID 584 'winlogon.exe'


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\windev-62be-3bb8.sys - Deleted
    C:\WINDOWS\SYSTEM32\KB1293~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\KB3404~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\KB4268~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\KB2812~1.EXE - Deleted
    C:\WINDOWS\system32\gmc.exe.exe - Deleted
    C:\WINDOWS\retadpu11.exe.tmp - Deleted
    C:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted
    C:\DOCUME~1\Tiny\LOCALS~1\Temp\msidel.bat - Deleted
    C:\DOCUME~1\Tiny\LOCALS~1\Temp\svchots.exe - Deleted
    C:\WINDOWS\b103.exe - Deleted
    C:\WINDOWS\b104.exe - Deleted
    C:\WINDOWS\b136.exe - Deleted
    C:\WINDOWS\retadpu2000219.exe - Deleted
    C:\WINDOWS\system32KBRunOnce2.tm_ - Deleted
    C:\WINDOWS\system32KBRunOnce2.t__ - Deleted
    C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
    C:\WINDOWS\system32\drivers\core.sys - Deleted
    C:\WINDOWS\system32\KBRunOnce2.t__ - Deleted
    C:\WINDOWS\system32\ntio256.sys - Deleted
    C:\WINDOWS\system32\protector.exe - Deleted
    C:\WINDOWS\system32\windev-peers.ini - Deleted
    C:\WINDOWS\tcb.pmw - Deleted
    C:\WINDOWS\wr.txt - Deleted


    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\WINDOWS\system32\wsnpoem - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\All Users\Application Data\SecTaskMan\cisslfzA.exe.q_2CFE556_q
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1275OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1275OinUninstaller.exe
    C:\WINDOWS\system32\hjkkj.tmp
    C:\WINDOWS\UE9T\oH6n.vbs

    Finished


    Here is the hjt log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:22:14 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Documents and Settings\Tiny\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tigernet.obu.edu/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rgguhuyq.dll",forkonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Saj] "C:\Program Files\?icrosoft\r?gedit.exe"
    O4 - HKCU\..\Run: [Wjj] "C:\Program Files\s?stem\w?crtupd.exe"
    O4 - HKCU\..\Run: [Kql] C:\WINDOWS\??crosoft.NET\?ervices.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\system32\wcxw.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UE9T\command.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hdhapcep.exe (file missing)
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  5. obutiny

    obutiny Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    6
    Thank you, again. I have to go to work shortly so I won't be able to do anything until about 8pm tonight.


    "Tiny" - 2007-07-13 15:33:41 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\iuvhwqtf.dll
    C:\WINDOWS\system32\khfedde.dll
    C:\WINDOWS\system32\npfjcywh.dll
    C:\WINDOWS\system32\rgguhuyq.dll
    C:\WINDOWS\system32\xrqdbmvj.dll
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak2
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.ini2
    C:\WINDOWS\system32\hjkkj.tmp
    C:\WINDOWS\system32\hwycjfpn.ini
    C:\WINDOWS\system32\qyuhuggr.ini
    C:\WINDOWS\system32\jvmbdqrx.ini
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak2
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.ini2
    C:\WINDOWS\system32\hjkkj.tmp
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak2
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.ini2
    C:\WINDOWS\system32\hjkkj.tmp
    C:\WINDOWS\system32\jkkjh.dll
    C:\WINDOWS\system32\wvurqrr.dll
    C:\WINDOWS\system32\wvurqrr.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\bold.log
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\DOCUME~1\Tiny\APPLIC~1.\mbols~1
    C:\DOCUME~1\Tiny\APPLIC~1.\scurit~1
    C:\DOCUME~1\Tiny\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\Tiny\APPLIC~1.\winantispyware 2007\Logs\update.log
    C:\DOCUME~1\Tiny\APPLIC~1\Microsoft\25319.dat
    C:\DOCUME~1\Tiny\MYDOCU~1.\icroso~1
    C:\DOCUME~1\Tiny\MYDOCU~1.\mantec~1
    C:\DOCUME~1\Tiny\MYDOCU~1.\stem~1
    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Program Files\Common Files\mbols~1
    C:\Program Files\Common Files\pppatc~1
    C:\Program Files\Common Files\sstem~1
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1275OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1275OinUninstaller.exe
    C:\Program Files\Common Files\ymante~1
    C:\Program Files\Common Files\ymbols~1
    C:\Program Files\icroso~1
    C:\Program Files\sstem~1
    C:\Program Files\winantispyware 2007
    C:\Program Files\winantispyware 2007\msvcp71.dll
    C:\Program Files\winantispyware 2007\msvcr71.dll
    C:\Program Files\winantispyware 2007\shellext.dll
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\temp\tn3
    C:\WINDOWS\cfg32.exe
    C:\WINDOWS\cfg32a.exe
    C:\WINDOWS\crosof~1.net
    C:\WINDOWS\cs_cache.ini
    C:\WINDOWS\dls0523pmw.exe
    C:\WINDOWS\fnts~1
    C:\WINDOWS\mbols~1
    C:\WINDOWS\offun.exe
    C:\WINDOWS\rau001978.exe
    C:\WINDOWS\ssembl~1
    C:\WINDOWS\system32\cvhytjxb.exe
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\drivers\ip6fw.sys
    C:\WINDOWS\system32\hKit612k.exe
    C:\WINDOWS\system32\KB18561603.exe
    C:\WINDOWS\system32\KB40589569.exe
    C:\WINDOWS\system32\KB52383366.exe
    C:\WINDOWS\system32\KB66507128.exe
    C:\WINDOWS\system32\KB76775265.exe
    C:\WINDOWS\system32\KB93427757.exe
    C:\WINDOWS\system32\KB93736873.exe
    C:\WINDOWS\system32\KB96926207.exe
    C:\WINDOWS\system32\lqktxmqk.exe
    C:\WINDOWS\system32\nrrruocy.exe
    C:\WINDOWS\system32\o02PrEz
    C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
    C:\WINDOWS\system32\owstuqto.exe
    C:\WINDOWS\system32\sstem~1
    C:\WINDOWS\system32\thuhwryx.exe
    C:\WINDOWS\system32\tyrnpios.exe
    C:\WINDOWS\system32\uYD70G5v.exe
    C:\WINDOWS\system32\win
    C:\WINDOWS\system32\windbg48.sys
    C:\WINDOWS\system32\wnstssv32.exe
    C:\WINDOWS\system32\X1
    C:\WINDOWS\system32\X1\bk53.exe
    C:\WINDOWS\system32\X2
    C:\WINDOWS\system32\X2\mwspasrt83122.exe
    C:\WINDOWS\system32\X3
    C:\WINDOWS\system32\X3\626wr.exe
    C:\WINDOWS\system32\X4
    C:\WINDOWS\system32\X4\wen2.exe
    C:\WINDOWS\system32\X5
    C:\WINDOWS\system32\X9
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\wbun.exe
    C:\WINDOWS\wnsxs~1
    C:\WINDOWS\xmlhelper.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_HKED42
    -------\LEGACY_NETWORK_MONITOR
    -------\LEGACY_NET_AGENT
    -------\LEGACY_WINDBG48
    -------\cmdService
    -------\DomainService
    -------\Net Agent
    -------\RpcApi
    -------\windbg48


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 15:32 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 15:29 66,624 --a------ C:\WINDOWS\system32\mgfhowhh.dll
    2007-07-13 15:20 66,112 --a------ C:\WINDOWS\system32\gmmpyves.exe
    2007-07-13 15:14 165,376 --a------ C:\WINDOWS\system32\drivers\Hked42.sys
    2007-07-13 15:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-13 01:02 66,624 --a------ C:\WINDOWS\system32\rftbyeci.dll
    2007-07-13 00:56 66,112 --a------ C:\WINDOWS\system32\enoxkrbo.exe
    2007-07-12 01:05 66,624 --a------ C:\WINDOWS\system32\lsrmjruk.dll
    2007-07-12 00:56 66,112 --a------ C:\WINDOWS\system32\gisrimkh.exe
    2007-07-07 23:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-07-07 20:38 6,743 --a------ C:\systkun.exe
    2007-07-05 20:32 <DIR> d-------- C:\Temp\syscleaner
    2007-07-05 20:28 <DIR> d-------- C:\DOCUME~1\Tiny\.housecall6.6
    2007-07-05 17:01 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-07-05 02:17 10,000 --a------ C:\WINDOWS\system32\gejd9j3jr.dll
    2007-07-05 02:16 13,573 --a------ C:\WINDOWS\system32\KB_963491.exe
    2007-07-04 12:29 22,592 --a------ C:\WINDOWS\system32\RtM27K63.exe
    2007-06-30 13:42 2,624 --a------ C:\WINDOWS\system32\nlfasgcy.exe
    2007-06-30 01:34 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-06-30 01:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-06-30 01:34 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-06-30 01:25 <DIR> d-------- C:\Temp
    2007-06-29 23:37 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-06-29 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
    2007-06-20 12:24 <DIR> d-------- C:\DOCUME~1\Tiny\Shared
    2007-06-20 12:24 <DIR> d-------- C:\DOCUME~1\Tiny\Incomplete
    2007-06-20 12:24 <DIR> d-------- C:\DOCUME~1\Tiny\APPLIC~1\LimeWire


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-06 02:38:29 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-07-06 01:31:30 -------- d-----w C:\Program Files\Crazy Browser
    2007-07-01 05:34:23 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\uTorrent
    2007-06-30 06:34:59 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-06-30 04:39:08 -------- d-----w C:\Program Files\AdSponsorOI
    2007-06-30 04:32:11 -------- d-----w C:\Program Files\Common Files\rwrr
    2007-06-08 01:55:09 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\Viewpoint
    2007-06-06 04:53:52 445 ----a-w C:\WINDOWS\EntPack.dat
    2007-06-01 17:04:42 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\DivX
    2007-05-31 08:13:35 -------- d-----w C:\Program Files\DivX
    2007-05-31 07:50:13 -------- d-----w C:\Program Files\7-Zip
    2007-05-31 02:31:47 -------- d-----w C:\Program Files\4Musics OGG to MP3 Converter
    2007-05-30 06:58:07 -------- d-----w C:\Program Files\CDisplay
    2007-05-30 05:07:59 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\Lavasoft
    2007-05-30 05:07:48 -------- d-----w C:\Program Files\Lavasoft
    2007-05-29 18:30:26 -------- d-----w C:\Program Files\Viewpoint
    2007-05-18 14:02:36 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\Aim
    2007-05-18 14:02:31 -------- d-----w C:\Program Files\AIM
    2007-05-18 14:01:02 -------- d-----w C:\Program Files\AOD
    2007-05-15 20:33:28 513,152 ----a-w C:\WINDOWS\system32\drivers\SndTDriverV32.sys
    2007-05-15 18:38:20 -------- d-----w C:\Program Files\iPod Access for Windows
    2007-05-15 18:25:02 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\Purple Ghost Software, Inc
    2007-05-15 16:42:04 -------- d-----w C:\Program Files\Red Chair Software
    2007-05-15 15:09:37 -------- d-----w C:\Program Files\Common Files\L&H
    2007-05-15 15:09:22 -------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-05-15 15:09:03 -------- d-----w C:\Program Files\Microsoft Works
    2007-05-15 14:36:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-15 14:36:26 -------- d-----w C:\Program Files\CNet
    2007-05-15 04:44:25 -------- d-----w C:\Program Files\Music Rescue
    2007-05-15 04:32:35 -------- d-----w C:\Program Files\Messenger
    2007-05-15 04:32:16 -------- d-----w C:\Program Files\Movie Maker
    2007-05-15 04:30:36 -------- d-----w C:\Program Files\Windows NT
    2007-05-15 03:22:51 -------- d-----w C:\DOCUME~1\Tiny\APPLIC~1\Apple Computer
    2007-05-15 03:22:45 -------- d-----w C:\Program Files\iTunes
    2007-05-15 03:22:41 -------- d-----w C:\Program Files\iPod
    2007-05-15 03:22:25 -------- d-----w C:\Program Files\QuickTime
    2007-05-15 03:21:53 -------- d-----w C:\Program Files\Apple Software Update
    2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-11 14:15:24 0 --sha-r C:\MSDOS.SYS
    2007-05-11 14:15:24 0 --sha-r C:\IO.SYS
    2007-05-11 14:15:24 0 ----a-w C:\CONFIG.SYS
    2007-05-11 14:15:24 0 ----a-w C:\AUTOEXEC.BAT
    2007-05-11 14:12:02 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:24 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-04-23 00:15:24 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-04-23 00:15:24 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\UE9T\oH6n.vbs


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="NvQTwk" []
    "DIAGENT"="C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe" [2001-08-30 01:00]
    "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-27 20:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
    "NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
    "Saj"="C:\Program Files\?icrosoft\r?gedit.exe" []
    "Wjj"="C:\Program Files\s?stem\w?crtupd.exe" []
    "Kql"="C:\WINDOWS\??crosoft.NET\?ervices.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\System Reserved]


    Contents of the 'Scheduled Tasks' folder
    2007-07-04 01:59:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-05 08:00:00 C:\WINDOWS\tasks\At4.job
    2007-07-05 05:00:31 C:\WINDOWS\tasks\At49.job
    2007-07-05 06:00:32 C:\WINDOWS\tasks\At50.job
    2007-07-05 07:00:31 C:\WINDOWS\tasks\At51.job
    2007-07-05 08:00:32 C:\WINDOWS\tasks\At52.job
    2007-07-05 09:00:31 C:\WINDOWS\tasks\At53.job
    2007-07-05 10:00:31 C:\WINDOWS\tasks\At54.job
    2007-07-05 11:01:21 C:\WINDOWS\tasks\At55.job
    2007-07-05 12:00:31 C:\WINDOWS\tasks\At56.job
    2007-07-05 13:00:30 C:\WINDOWS\tasks\At57.job
    2007-07-05 14:00:31 C:\WINDOWS\tasks\At58.job
    2007-07-05 15:00:30 C:\WINDOWS\tasks\At59.job
    2007-07-05 16:00:35 C:\WINDOWS\tasks\At60.job
    2007-07-05 17:00:32 C:\WINDOWS\tasks\At61.job
    2007-07-05 18:00:01 C:\WINDOWS\tasks\At62.job
    2007-07-04 19:00:35 C:\WINDOWS\tasks\At63.job
    2007-07-04 20:00:32 C:\WINDOWS\tasks\At64.job
    2007-07-04 21:00:32 C:\WINDOWS\tasks\At65.job
    2007-07-05 22:00:02 C:\WINDOWS\tasks\At66.job
    2007-07-04 23:00:30 C:\WINDOWS\tasks\At67.job
    2007-07-05 00:00:30 C:\WINDOWS\tasks\At68.job
    2007-07-05 01:00:31 C:\WINDOWS\tasks\At69.job
    2007-07-05 02:00:31 C:\WINDOWS\tasks\At70.job
    2007-07-05 03:00:31 C:\WINDOWS\tasks\At71.job
    2007-07-05 04:00:33 C:\WINDOWS\tasks\At72.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 15:43:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 15:43:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 15:43

    --- E O F ---



    Logfile of HijackThis v1.99.1
    Scan saved at 3:49:49 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Documents and Settings\Tiny\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tigernet.obu.edu/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Saj] "C:\Program Files\?icrosoft\r?gedit.exe"
    O4 - HKCU\..\Run: [Wjj] "C:\Program Files\s?stem\w?crtupd.exe"
    O4 - HKCU\..\Run: [Kql] C:\WINDOWS\??crosoft.NET\?ervices.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, run the ATF then start SuperAntiSpyware and let it run while you are gone.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.
     
  7. obutiny

    obutiny Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    6
    Here are the logs. Thanks, again.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/13/2007 at 10:22 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3269
    Trace Rules Database Version: 1280

    Scan type : Complete Scan
    Total Scan Time : 01:59:00

    Memory items scanned : 309
    Memory threats detected : 0
    Registry items scanned : 4720
    Registry threats detected : 6
    File items scanned : 59615
    File threats detected : 162



    Logfile of HijackThis v1.99.1
    Scan saved at 11:03:25 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Tiny\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tigernet.obu.edu/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Saj] "C:\Program Files\?icrosoft\r?gedit.exe"
    O4 - HKCU\..\Run: [Wjj] "C:\Program Files\s?stem\w?crtupd.exe"
    O4 - HKCU\..\Run: [Kql] C:\WINDOWS\??crosoft.NET\?ervices.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKCU\..\Run: [Saj] "C:\Program Files\?icrosoft\r?gedit.exe"
    O4 - HKCU\..\Run: [Wjj] "C:\Program Files\s?stem\w?crtupd.exe"
    O4 - HKCU\..\Run: [Kql] C:\WINDOWS\??crosoft.NET\?ervices.exe

    Close all applications and browser windows before you click "fix checked".


    I don't see any anti-virus software running.
    Load AVG (http://free.grisoft.com/freeweb.php/doc/2/); it's free. Run a full scan and post the AVG scan results and a new HJT log.
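
The three Run entries selected above all contain `?`, a character Windows does not allow in file names, so in the log it is a placeholder for a character that could not be represented. As an added example (not part of the original post and not HijackThis code), this Python script flags such autorun entries, reports which familiar name each masked component resembles, and checks a follow-up log to confirm the entries are gone; the function names and the `KNOWN_NAMES` list are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed samples: O4 lines excerpted from the HijackThis logs in this thread.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Saj] "C:\Program Files\?icrosoft\r?gedit.exe"
O4 - HKCU\..\Run: [Wjj] "C:\Program Files\s?stem\w?crtupd.exe"
O4 - HKCU\..\Run: [Kql] C:\WINDOWS\??crosoft.NET\?ervices.exe
'''
LOG_AFTER = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$')
# For unquoted commands: the path ends at the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|com|bat|scr))(?=\s|$)', re.IGNORECASE)

# Assumption: a small illustrative list of names worth imitating.
KNOWN_NAMES = ("microsoft", "microsoft.net", "system", "system32", "windows",
               "regedit.exe", "services.exe", "svchost.exe", "explorer.exe")


def parse_o4(log_text):
    """Return one dict per O4 autorun line: hive, key, value name, program path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        command = command.strip()
        if command.startswith('"'):
            path = command[1:].split('"', 1)[0]      # quoted path, args follow
        else:
            exe = EXE_RE.match(command)
            path = exe.group(1) if exe else command  # unquoted, may hold spaces
        entries.append({"hive": hive, "key": key, "name": name, "path": path})
    return entries


def imitated_names(path):
    """Known names that a masked path component matches, '?' being one character."""
    hits = []
    for component in path.split("\\"):
        if "?" in component:
            pattern = component.lower()
            hits += [n for n in KNOWN_NAMES if fnmatchcase(n, pattern)]
    return hits


def flag_masked_autoruns(log_text):
    """Autorun entries whose program path contains a '?' placeholder."""
    return [dict(e, imitates=imitated_names(e["path"]))
            for e in parse_o4(log_text) if "?" in e["path"]]


def still_present(before_log, after_log):
    """Value names flagged in the first log that still appear in the second."""
    after = {(e["hive"], e["key"], e["name"]) for e in parse_o4(after_log)}
    return [f["name"] for f in flag_masked_autoruns(before_log)
            if (f["hive"], f["key"], f["name"]) in after]


if __name__ == "__main__":
    for f in flag_masked_autoruns(LOG_BEFORE):
        looks_like = ", ".join(f["imitates"]) or "no known name"
        print(f'{f["hive"]} {f["key"]} [{f["name"]}] {f["path"]} -> {looks_like}')
    print("still present after fix:", still_present(LOG_BEFORE, LOG_AFTER))
```

A masked component with no match in `KNOWN_NAMES` is still flagged, because the `?` alone is the anomaly; the name match only tells the reviewer what the path is dressed up as.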
     
  9. obutiny

    obutiny Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    6
    Here is the only sort of log for the AVG I could find.


    General properties
    Report name: Complete Test
    Start time: 7/14/2007 13:33
    End time: 7/14/2007 2:24:40 PM (total: 51:18.2 Min)
    Launch method: Scanning launched manually
    Scanning result: Threats found
    Report status: Scanning completed successfully

    Object summary
    Scanned: 77107
    Threats Found: 37
    Cleaned: 0
    Moved to vault: 4
    Deleted: 22
    Errors: 0



    Logfile of HijackThis v1.99.1
    Scan saved at 2:37:31 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\Documents and Settings\Tiny\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tigernet.obu.edu/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks good. How is it running now? Any problems?
     
  11. obutiny

    obutiny Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    6
    It's running amazing. Thank you so much for your help. I really didn't want to have to reformat my computer because I have had to do that before.
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Great! Happy to hear it!!

    You can remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

    SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


    It's a good idea to flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405


    Here are some additional links for you to check out to help you with your computer security.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools



    You're welcome!
     

Short URL to this thread: https://techguy.org/593230
