symptoms of my computer


Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
hey

I have AVG antivirus/antispyware
Ad-Aware SE Personal
CCleaner
ZoneAlarm
AVG Anti-Rootkit
Spybot Search and Destroy
HijackThis

I've run scans etc. in safe mode but I still can't seem to get rid of the Js/Psyme virus
AVG can only move it to virus vault
occasionally another virus will pop up while I scan (Exploit virus)

I receive lots of pop-ups and file download windows, also many ActiveX download requests
My Task Manager is disabled and I have no idea how to get it back
other than that my computer is running very very slow and in safe mode likes to do a physical memory dump and the screen goes blue

help me please
I have Windows 2000 ME (Millennium Edition)
any help would be greatly appreciated

Faraaz

(following is a HiJackThis Log)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:57 PM, on 7/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackThis\Analyze.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 6963 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi and welcome :)

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new Hijack This log
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
thanks for the much appreciated help

here is my SDFix report and following it will be my HijackThis log


SDFix: Version 1.91

Run by Techtronics on Sat 07/14/2007 at 9:16p

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
main1

ImagePath:
\??\C:\WINDOWS\system32\main.sys

main1 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Remaining Files:
---------------


Files with Hidden Attributes:

C:\CDPACKS\DEVICE DRIVER CD\Install\Setuplib.dll
C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\_Setup.dll
C:\CDPACKS\DEVICE DRIVER CD\Install\BIOSDate.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Detect.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Install.EXE
C:\CDPACKS\DEVICE DRIVER CD\Install\Menu.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Menu_view.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Reboot.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Autorun\instmsia.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Autorun\instmsiw.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Autorun\setup.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\DeviceList.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\Setup.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\DeviceList\_ISDel.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Menu\Display.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\AC2K.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\AC98.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\ACL98.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\ACLME.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\All.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\AutoClick.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Change.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\CheckPath.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Counter.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelDv.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DeleteFiles.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelT2.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelT2Dv.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\DelTools.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\LostRun.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\RegClean.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Regexe.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\Restart.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\RunAP.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\RunRegexe.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\SDW98ME.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Tools\SoundDrv.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Total\instmsia.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Total\instmsiw.exe
C:\CDPACKS\DEVICE DRIVER CD\Install\Total\setup.exe
C:\WINNT\system32\Tools\AC2K.exe
C:\WINNT\system32\Tools\AC98.exe
C:\WINNT\system32\Tools\ACL98.exe
C:\WINNT\system32\Tools\ACLME.exe
C:\WINNT\system32\Tools\All.exe
C:\WINNT\system32\Tools\AutoClick.exe
C:\WINNT\system32\Tools\Change.exe
C:\WINNT\system32\Tools\CheckPath.exe
C:\WINNT\system32\Tools\Counter.exe
C:\WINNT\system32\Tools\DelDv.exe
C:\WINNT\system32\Tools\DeleteFiles.exe
C:\WINNT\system32\Tools\DelT2.exe
C:\WINNT\system32\Tools\DelT2Dv.exe
C:\WINNT\system32\Tools\DelTools.exe
C:\WINNT\system32\Tools\LostRun.exe
C:\WINNT\system32\Tools\RegClean.exe
C:\WINNT\system32\Tools\Regexe.exe
C:\WINNT\system32\Tools\Restart.exe
C:\WINNT\system32\Tools\RunAP.exe
C:\WINNT\system32\Tools\RunRegexe.exe
C:\WINNT\system32\Tools\SDW98ME.exe
C:\WINNT\system32\Tools\SoundDrv.exe
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0177.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0748.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL0977.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL1973.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL3068.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL3239.tmp
C:\Documents and Settings\Techtronics\Application Data\Microsoft\Word\~WRL3477.tmp

Finished



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:14 PM, on 7/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\notepad.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\hijackThis\Analyze.exe
C:\WINNT\system32\MDM.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 7033 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download the Trial version of SUPERAntiSpyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132


Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      ◦ Close browsers before scanning
      ◦ Scan for tracking cookies
      ◦ Terminate memory threats before quarantining.
      ◦ Please leave the others unchecked.
      ◦ Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
      ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
      ◦ Click Preferences. Click the Statistics/Logs tab.
      ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      ◦ It will open in your default text editor (such as Notepad/Wordpad).
      ◦ Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new Hijack This log.
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
ok
hahah that scan took 3 hours and 19 minutes
here they are

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2007 at 06:30 PM

Application Version : 3.9.1008

Core Rules Database Version : 3269
Trace Rules Database Version: 1280

Scan type : Complete Scan
Total Scan Time : 03:16:16

Memory items scanned : 329
Memory threats detected : 0
Registry items scanned : 4234
Registry threats detected : 13
File items scanned : 23874
File threats detected : 66

Trojan.Aff-YourThumbs
[Microsoft security adviser] C:\PROGRAM FILES\MICROSOFT SECURITY ADVISER\MSSADV.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY ADVISER\MSSADV.EXE
[Microsoft security adviser] C:\PROGRAM FILES\MICROSOFT SECURITY ADVISER\MSSADV.EXE
C:\WINNT\MSSADV.DLL

Adware.Tracking Cookie

Malware.DriveCleaner
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\Contains\Files#C:\WINNT\Downloaded Program Files\UDC6_0001_D19M2808NetInstaller.exe
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\InstalledVersion#LastModified
C:\WINNT\DOWNLOADED PROGRAM FILES\UDC6_0001_D19M2808NETINSTALLER.INF

Trojan.Download-Gen/SexVideoStation
C:\QOOBOX\QUARANTINE\C\SVCHOST.EXE.VIR
C:\SVCHOST2.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Techtronics\Local Settings\Temporary Internet Files\Content.IE5\FKF1UKCD\title[1].html
C:\Documents and Settings\Techtronics\Local Settings\Temporary Internet Files\Content.IE5\CLMBK9EF\if_z[1].html
C:\Documents and Settings\Techtronics\Local Settings\Temporary Internet Files\Content.IE5\09AB4XUN\do_z[1].html



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:56 PM, on 7/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackThis\Analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 6916 bytes
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Program Files\Microsoft Security Adviser

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe


Reboot and post another Hijack This log please.
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
hahah you know your stuff

task manager is still disabled

but here's the stuff

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\agarghnd

*******************

Script file located at: \??\C:\Program Files\xoelcqdi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Program Files\Microsoft Security Adviser deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:41 PM, on 7/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackThis\Analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 5821 bytes
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
hehe well there is no error message
but
when i press Ctrl+Alt+Delete it brings up the windows security screen, The Task manager button is gray and i am unable to press it

also, i don't know if this is related at all but, on the start bar, the buttons beside the start button are all black, I still can press them etc but the icon doesn't show


thanks again for the help
i really appreciate it

:O

Faraaz
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
hahaha they both work
i love you
i love you
i love you
love
no sex


"Techtronics" - 07/17/2007 22:48:58 - ComboFix 07-07-14.6 - Service Pack 4 NTFS [SAFE MODE]


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-15 15:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 15:01 <DIR> d-------- C:\DOCUME~1\TECHTR~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 21:12 <DIR> d-------- C:\WINNT\ERUNT
2007-07-14 18:37 <DIR> d-------- C:\DOCUME~1\TECHTR~1\APPLIC~1\Viewpoint
2007-07-13 23:17 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-13 22:43 3,968 --a------ C:\WINNT\system32\drivers\AvgArCln.sys
2007-07-13 22:38 <DIR> d-------- C:\VundoFix Backups
2007-07-13 22:08 3,100 --a------ C:\WINNT\system32\tmp.reg
2007-07-13 22:07 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-07-13 22:07 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-07-13 22:06 53,248 --a------ C:\WINNT\system32\Process.exe
2007-07-13 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-13 14:40 <DIR> d-------- C:\Program Files\Yahoo!
2007-07-13 14:40 <DIR> d-------- C:\Program Files\CCleaner
2007-07-13 14:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-13 14:20 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-07-13 01:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-13 01:04 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-07-13 01:01 75,248 --a------ C:\WINNT\zllsputility.exe
2007-07-13 01:00 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-07-13 00:59 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
2007-07-13 00:59 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
2007-07-13 00:58 661,536 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-07-13 00:58 1,824 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-07-13 00:57 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys
2007-07-13 00:48 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll
2007-07-13 00:47 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-07-13 00:46 <DIR> d-a------ C:\WINNT\Internet Logs
2007-07-11 15:27 <DIR> d-------- C:\DOCUME~1\TECHTR~1\APPLIC~1\acccore
2007-07-11 15:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-07-11 15:23 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-07-11 15:20 <DIR> d-------- C:\Program Files\AIM6
2007-07-11 15:19 335 --a------ C:\WINNT\nsreg.dat
2007-07-11 14:50 90,112 -ra------ C:\WINNT\system32\pizzabx.exe
2007-07-11 14:50 208,896 -ra------ C:\WINNT\system32\pizzadx.dll
2007-06-18 10:53 <DIR> d-------- C:\WINNT\system32\SoftwareDistribution


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-13 06:58:26 32 --sha-w C:\WINNT\system32\drivers\fidbox.idx
2007-07-13 06:58:24 32 --sha-w C:\WINNT\system32\drivers\fidbox2.idx
2007-07-11 21:31:09 -------- d-----w C:\Program Files\AIM
2007-07-11 21:25:51 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
2007-04-23 06:22:01 939,280 ----a-w C:\WINNT\system32\ntdsa.dll
2007-04-19 05:06:31 6,239,232 ----a-w C:\WINNT\system32\sp3res.dll
2005-01-27 22:44:28 271 ---h--w C:\Program Files\desktop.ini
2005-01-27 22:44:28 21,952 ---h--w C:\Program Files\folder.htt
1998-12-09 08:53:54 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 08:53:54 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 08:53:54 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 08:53:54 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 08:53:54 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 08:53:54 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
10/26/06 10:28a 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
05/31/05 01:04a 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/07 08:10a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/06 05:57p]
"mssadv.exe"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/07 09:54p]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 03:25a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/05 10:05a]
"mssadv.exe"="" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [11/07/06 09:29a]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/07 02:06p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [05/30/07 06:29a]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [12/20/06 01:55p]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 04/19/07 01:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 22:51:59
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 07/17/2007 22:52:50
C:\ComboFix-quarantined-files.txt ... 07/17/07 10:52p
C:\ComboFix2.txt ... 07/13/07 11:42p

--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:04 AM, on 7/18/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackThis\Analyze.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Techtronics\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 5953 bytes
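An added example, not part of the original thread and not code from HijackThis or any other tool named here: a short Python checker that parses HijackThis entry lines and reports which entries ticked for "Fix checked" are still present in a later scan. The function names are made up for this illustration, and the log excerpts are shortened from the scans posted in this thread.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


def normalise(body):
    """Make entries comparable across scans: Windows paths and registry keys are
    case-insensitive, and the same URL may be logged with or without a trailing
    slash (as happens with the Start Page in this thread)."""
    return " ".join(body.split()).lower().rstrip("/")


def parse_entries(log_text):
    """Return {(section, normalised body): original line} for every entry line.
    Header lines and the running-process list do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), normalise(m.group(2)))] = line
    return entries


def persisting(fix_list_text, later_log_text):
    """Entries that were ticked for 'Fix checked' but show up again in a later scan."""
    fixed = parse_entries(fix_list_text)
    later = parse_entries(later_log_text)
    return sorted(fixed[k] for k in fixed.keys() & later.keys())


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


# Shortened excerpts of the scans posted in this thread (sample data for the example).
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
"""

FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
"""

SCAN_JUL16 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

SCAN_JUL18 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

if __name__ == "__main__":
    removed, added = diff_logs(SCAN_BEFORE, SCAN_JUL16)
    print("Removed by the fix:")
    for line in removed:
        print("  " + line)
    print("New entries after the fix:", added or "none")
    for label, scan in (("7/16", SCAN_JUL16), ("7/18", SCAN_JUL18)):
        print("Fixed entries present again in the", label, "scan:",
              persisting(FIX_LIST, scan) or "none")
```

Comparing on normalised entries keeps the Start Page line, which gains a trailing slash between scans, from being reported as a change, while the HKLM Start Page entry that is back in the 7/18 scan is flagged.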
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
LOL glad to hear it's working ;)

I was curious about these 2 files though:

C:\WINNT\system32\pizzabx.exe
C:\WINNT\system32\pizzadx.dll

Please go to this site: http://virusscan.jotti.org/

Use the Browse button at Jotti.
Navigate to the file's location on your hard drive and submit them.
Let me know what it says regarding the files.
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
oi!
so i scanned both files
and for both of them the result was "No virus found" under every category and up top it was "OK"
but right i almost forgot to tell you about something

sometimes... its pretty random
but when i open a page with internet explorer
it wont just open one... it will open hundreds :O
and they just keep opening and opening, effectively freezing me up
before when i didn't have task manager all i could do was manually restart
now i gotta end program them faster than they can spawn
hmmm.... other than that my computer is running really slowly

i love you

(>^(>O.O)> <----- yay!

Faraaz
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
 

Faraaz

Thread Starter
Joined
Jul 14, 2007
Messages
10
oh yessir the task has been completed

now what shall happen?

(>^(>O.O)>
 