
Wgd.exe - A virus, that I can't remove!

Discussion in 'Virus & Other Malware Removal' started by YerOldPoison, Jan 22, 2011.

YerOldPoison (Thread Starter; joined Jul 2, 2010; 51 messages):
    Hey guys!

    I've recently been scre-I mean messing around with Ijji REACTOR and Ijji's games like A.V.A.

    It's all been working fine until today, when REACTOR wouldn't show up correctly, or would be stuck on the loading screen in an instant loop, or would load and wouldn't display all/any content of the program... So I decided to re-download and re-install the REACTOR, since no solution I've found has worked for me. After I'd done that the problem persisted, but what I also found in the task manager under the Processes tab, when I was manually closing the REACTOR, was a virus. It's displayed as "Wgd.exe" and it's listed under my admin account/name of the computer on Windows XP. I've tried closing it, because I never saw it before and knew that it definitely wasn't a part of REACTOR. So I did a search on it and came up with shocking results, which I -honestly- expected. So I ran my (free version of) SUPERAntiSpyware and gave it a full computer scan. It found some adware and malware etc., and so I removed/quarantined it. But when I rebooted and looked at the processes again, that "Wgd.exe" file was still there, up and running. Now I searched the whole computer for the "Wgd" term, including the system files/folders as well as the hidden ones, and the search came up with nothing. I couldn't find any guide on how to remove it nor where it'd usually be located/named. I am worried that it may cause an unstable system as well as give out personal information, like passwords, IDs and so on, and so on. Any suggestions what it might be and how (if) it can be removed/quarantined?

    Basic info:
    - ESET NOD32 Antivirus v4.0
    - SUPERAntiSpyware (free version) - I trust the program; it has helped me in the past. It doesn't run all the time, I usually only run it once a week for a major clean-up
    - I am running Windows XP Home Edition, SP3
    - The virus' name is supposed to be "Wgd.exe"
    - Only thing I downloaded and re-installed was Ijji REACTOR, which is a trusted program and I've never had problems with it before. (BTW, if anyone has any suggestions on how to fix Ijji REACTOR's loading issue I'd be grateful :))

    If you need any more info, please just tell me what you need and I'll supply it.

    Hope you can help me!

    EDIT:

    Now I've found where it's located; you should see it in the HiJackThis log(s) named as "wgd.exe".

    NOTE: I've had VistaMizer and ViOrb installed (for over a year). It's basically an overlay for Windows XP that makes it look and feel more like Vista. It's trusted and I've had it installed for over a year, so I really don't think it's causing any serious problems. I've also got a program installed named Clean It -SI-, as you can see in the attachment file. It's made by a programmer/my friend and his software is 100% free of viruses/malware etc. ... I've had that program installed since the last re-install of Windows.


    HiJackThis log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:32:59, on 22.1.2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\VistaDriveIcon\DrvIcon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ViOrb\ViOrb.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Wgd.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLHooker2 Class - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [CE8SIIFGSU] C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Wgd.exe
    O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.08\english\PhysX_9.09.0203_SystemSoftware.exe"
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: http://192.168.1.1
    O15 - ESC Trusted IP range: http://192.168.1.1
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9454D3-9C38-460F-839D-286CB9ABB517}: NameServer = 193.111.220.150,193.111.220.151
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E598B3D6-4696-4658-87C4-449CFB4E786E}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 11835 bytes

    DDS log:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Aleksander at 21:42:47,48 on sob 22.01.2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.386.1033.18.3327.2520 [GMT 1:00]

    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\VistaDriveIcon\DrvIcon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ViOrb\ViOrb.exe
    svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Wgd.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Moji dokumenti\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
    uSearch Page =
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant =
    uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: URLHooker2 Class: {93935f7f-9c88-42f8-8445-95251d27fabc} - c:\progra~1\flashv~1\URLHOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
    TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll
    TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge]
    uRun: [ViOrb] c:\program files\viorb\ViOrb.exe
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
    uRun: [DriverMax_RESTART]
    uRun: [CE8SIIFGSU] c:\docume~1\aleksa~1\locals~1\temp\Wgd.exe
    uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\program files\common files\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.msi" transforms="c:\program files\common files\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.mst" wise_setup_exe_path="c:\nvidia\winxp\182.08\english\PhysX_9.09.0203_SystemSoftware.exe"
    mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [DrvIcon] c:\program files\vistadriveicon\DrvIcon.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: I&zvoz v Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {9D9454D3-9C38-460F-839D-286CB9ABB517} = 193.111.220.150,193.111.220.151
    TCP: {E598B3D6-4696-4658-87C4-449CFB4E786E} = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\aleksa~1\applic~1\mozilla\firefox\profiles\o1530iau.default\
    FF - component: c:\documents and settings\aleksander\application data\mozilla\firefox\profiles\o1530iau.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\documents and settings\aleksander\application data\mozilla\firefox\profiles\o1530iau.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\aleksander\application data\mozilla\firefox\profiles\o1530iau.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\aleksander\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPOP7PlugIn.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-29 96408]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
    R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2009-9-12 208851]
    R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2009-9-12 10324]
    R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2009-9-12 34789]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-9 1684736]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-9-12 36864]
    S3 cpuz132;cpuz132;\??\c:\docume~1\aleksa~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\aleksa~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GarenaPEngine;GarenaPEngine;c:\docume~1\aleksa~1\locals~1\temp\YBU2284.tmp [2010-6-6 25616]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-1-24 131072]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-1-24 79104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2009-9-12 9446]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-22 20:41:04 388096 ----a-r- c:\docume~1\aleksa~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-22 17:23:27 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
    2011-01-22 17:23:27 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
    2011-01-22 17:23:27 27136 ----a-w- c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    2011-01-22 17:14:32 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-01-22 17:14:32 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-01-22 14:38:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-01-22 14:38:26 -------- d-----w- c:\docume~1\aleksa~1\applic~1\SUPERAntiSpyware.com
    2011-01-22 14:38:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-22 13:46:29 -------- d-----w- c:\program files\FIAA
    2011-01-22 13:37:03 208384 ----a-w- c:\windows\Wxaseb.exe
    2011-01-22 13:22:23 -------- d-----w- C:\Fiaa
    2011-01-22 12:54:06 208384 ----a-w- c:\windows\Wxasea.exe
    2011-01-21 20:33:15 -------- d-----w- c:\program files\TuneUpMedia
    2011-01-21 20:33:14 -------- d-----w- c:\docume~1\aleksa~1\applic~1\TuneUpMedia
    2011-01-21 20:33:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUpMedia
    2011-01-21 20:31:06 -------- d-----w- c:\docume~1\aleksa~1\locals~1\applic~1\OpenCandy
    2011-01-21 20:31:04 -------- d-----w- c:\docume~1\aleksa~1\applic~1\OpenCandy
    2011-01-21 20:31:03 -------- d-----w- c:\program files\Cheat Engine 6
    2011-01-20 06:33:33 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
    2011-01-20 06:33:32 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
    2011-01-19 09:44:35 -------- d-----w- c:\program files\REACTOR
    2011-01-13 19:34:27 -------- d-----w- c:\docume~1\aleksa~1\applic~1\MCS Electronics
    2011-01-13 19:34:00 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
    2011-01-13 19:34:00 -------- d-----w- c:\program files\MCS Electronics
    2011-01-09 11:21:09 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-01-09 01:30:45 -------- d-----w- c:\docume~1\aleksa~1\locals~1\applic~1\Unity
    2011-01-08 13:57:16 -------- d-----w- c:\docume~1\aleksa~1\locals~1\applic~1\Electronic Arts
    2011-01-07 18:56:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-01-07 18:56:50 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-07 18:56:48 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-01-07 18:56:48 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-01-07 18:56:48 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-01-07 18:56:48 13880424 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 18:56:48 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-06 14:42:24 -------- d-----w- c:\docume~1\aleksa~1\locals~1\applic~1\ConduitEngine
    2011-01-06 14:42:18 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-01-06 14:42:18 -------- d-----w- c:\program files\ConduitEngine
    2011-01-03 00:07:27 -------- d-----w- c:\docume~1\aleksa~1\applic~1\AnvSoft
    2011-01-03 00:07:25 -------- d-----w- c:\program files\AnvSoft
    2011-01-01 01:52:44 -------- d-----w- c:\docume~1\aleksa~1\locals~1\applic~1\Conduit
    2011-01-01 01:52:43 -------- d-----w- c:\program files\Conduit
    2011-01-01 01:52:42 -------- d-----w- c:\program files\BS_Player
    2011-01-01 01:52:42 -------- d-----w- c:\docume~1\aleksa~1\locals~1\applic~1\BS_Player
    2011-01-01 01:52:36 -------- d-----w- c:\program files\Webteh
    2010-12-30 14:27:54 -------- d-----w- c:\docume~1\aleksa~1\applic~1\Bioshock2
    2010-12-30 11:34:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
    2010-12-30 11:24:20 -------- d-----w- c:\program files\2K Games
    2010-12-26 10:21:38 -------- d-----w- c:\program files\Super Meat Boy

    ==================== Find3M ====================

    2011-01-22 17:14:52 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-01-22 17:14:52 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-01-22 17:14:50 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-01-20 06:25:14 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-01-20 06:25:14 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-01-19 11:28:16 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-01-09 12:13:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-01-08 23:52:22 138056 ----a-w- c:\docume~1\aleksa~1\applic~1\PnkBstrK.sys
    2011-01-08 23:52:02 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
    2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
    2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
    2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-20 13:24:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 21:43:00,46 ===============




    What did I do wrong? Is there any way to fix this problem?

    Thanks in advance,
    YerOldPoison (Aleksander - as the log says ;))

    PS: I am from Slovenia and some programs contain Slovenian language in their names as I've noticed. So feel free to ask for a translation :) ... And if you will find a mismatch: Daemon Tools Lite isn't installed anymore. I've uninstalled it right before I ran GMER!


    GMER log coming soon!




    GMER log finally here!!:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-23 13:08:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD502IJ rev.1AA01112
    Running: vm4edp0z.exe; Driver: C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\pgtdrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A314C90 ZwAssignProcessToJobObject
    SSDT spic.sys ZwCreateKey [0xB7EA70E0]
    SSDT 8A315200 ZwDebugActiveProcess
    SSDT 8A3152F0 ZwDuplicateObject
    SSDT spic.sys ZwEnumerateKey [0xB7EC5CA4]
    SSDT spic.sys ZwEnumerateValueKey [0xB7EC6032]
    SSDT spic.sys ZwOpenKey [0xB7EA70C0]
    SSDT 8A314590 ZwOpenProcess
    SSDT 8A314800 ZwOpenThread
    SSDT 8A314FD0 ZwProtectVirtualMemory
    SSDT spic.sys ZwQueryKey [0xB7EC610A]
    SSDT spic.sys ZwQueryValueKey [0xB7EC5F8A]
    SSDT 8A3150E0 ZwQueueApcThread
    SSDT 8A314EC0 ZwSetContextThread
    SSDT 8A314D90 ZwSetInformationThread
    SSDT 8A311DA0 ZwSetSecurityObject
    SSDT spic.sys ZwSetValueKey [0xB7EC619C]
    SSDT 8A314B90 ZwSuspendProcess
    SSDT 8A314A80 ZwSuspendThread
    SSDT 8A3146E0 ZwTerminateProcess
    SSDT 8A314A50 ZwTerminateThread
    SSDT 8A3156D0 ZwWriteVirtualMemory

    INT 0x63 ? 8AE89BF8
    INT 0x63 ? 8AE89BF8
    INT 0x63 ? 8AE89BF8
    INT 0x63 ? 8AE89BF8
    INT 0x63 ? 8A9E4F00
    INT 0x63 ? 8AE89BF8
    INT 0x84 ? 8A9E4F00
    INT 0xA4 ? 8A9E4F00
    INT 0xA4 ? 8A9E4F00
    INT 0xA4 ? 8A9E4F00
    INT 0xA4 ? 8A9E4F00
    INT 0xB4 ? 8A9E4F00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spic.sys Navedene datoteke ni mogoče najti. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C2A3A0, 0x5FE082, 0xE8000020]
    .text USBPORT.SYS!DllUnload B6C0A8AC 5 Bytes JMP 8A9E44E0
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB1C1E300, 0x3B6D8, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8480300, 0x1BEE, 0xE8000020]
    ? C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\mbr.sys Navedene datoteke ni mogoče najti. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[468] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1388] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8AE881F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{E598B3D6-4696-4658-87C4-449CFB4E786E} 8A9E2500
    Device \Driver\usbuhci \Device\USBPDO-0 8A967500
    Device \Driver\usbuhci \Device\USBPDO-1 8A967500
    Device \Driver\usbuhci \Device\USBPDO-2 8A967500
    Device \Driver\usbehci \Device\USBPDO-3 8A9551F8
    Device \Driver\usbuhci \Device\USBPDO-4 8A967500

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

    Device \Driver\usbuhci \Device\USBPDO-5 8A967500
    Device \Driver\usbuhci \Device\USBPDO-6 8A967500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8AE1A1F8
    Device \Driver\usbehci \Device\USBPDO-7 8A9551F8
    Device \Driver\Cdrom \Device\CdRom0 8AAD9500
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort2 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort3 [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A9E2500
    Device \Driver\NetBT \Device\NetbiosSmb 8A9E2500
    Device \Driver\usbstor \Device\00000089 8AA71500
    Device \Driver\usbstor \Device\00000089 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbuhci \Device\USBFDO-0 8A967500
    Device \Driver\usbuhci \Device\USBFDO-1 8A967500
    Device \Driver\usbuhci \Device\USBFDO-2 8A967500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A9E0500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A9E0500
    Device \Driver\usbehci \Device\USBFDO-3 8A9551F8
    Device \Driver\Ftdisk \Device\FtControl 8AE1A1F8
    Device \Driver\usbuhci \Device\USBFDO-4 8A967500
    Device \Driver\usbstor \Device\0000008a 8AA71500
    Device \Driver\usbstor \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbuhci \Device\USBFDO-5 8A967500
    Device \Driver\usbstor \Device\0000008b 8AA71500
    Device \Driver\usbstor \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbuhci \Device\USBFDO-6 8A967500
    Device \Driver\usbstor \Device\0000008c 8AA71500
    Device \Driver\usbstor \Device\0000008c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbehci \Device\USBFDO-7 8A9551F8
    Device \Driver\usbstor \Device\0000008d 8AA71500
    Device \Driver\usbstor \Device\0000008d sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \FileSystem\Cdfs \Cdfs 8A9E7500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272c42ca2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xEE 0x1D 0x83 0x29 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272c42ca2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x68 0x18 0x66 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x88 0x53 0x15 0xDA ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x78 0xFA 0x32 0x2D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x68 0x6C 0xB4 0x6B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x68 0x6C 0xB4 0x6B ...

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double-click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  4. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    I'd just like to ask: do I have to disable my Windows firewall and SUPERAntiSpyware? What about my router? Could it block some ports, so ComboFix might not get full access to the web?
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    No need to disable windows firewall or do anything to the router
    You only need to disable SAS if it is the full version with real time protection
    If it is the free version, don't do anything to it and just run combofix
     
  6. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    Ok I've done it! I've disabled the Win firewall anyway and went on with ComboFix. All went normal as instructed, but when the system rebooted I got a blue screen with a message (0x000000000CA - I don't remember exactly how many nulls there were, but it said that if it was my first time seeing this screen, I only needed to press the reboot button on the computer. So I waited 5min just in case and rebooted.) It all went ok and now I can't see Wgd.exe either in the processes tab in Task Manager or in the HJT and DDS logs. I will -if I may- keep you informed IF anything goes wrong. Anyways, the system seems much more stable and it responds faster. As for that ijji REACTOR that I wrote about, it is going to be uninstalled and re-installed. I hope no viruses/malware... pop up again in the process. So yeah, thanks for your kind and informative replies. I REALLY appreciate that someone who is actually experienced in this is willing to help by volunteering and solving problems on a free, public forum.

    Have a great day dvk01 and thanks again!

    Regards,
    YerOldPoison :)
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    post the combofix report then please so we can see what else it found
     
  8. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    There is no such file/log in my C:\ drive. There's only a new file I saw with a "My Computer" icon that says username123 (named just like the exe file of ComboFix).
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    look in c:\qoobox for combofix.txt (it might be in the quarantine folder)
    if it isn't there then it means combofix was interrupted during its run & needs to be run again
     
  10. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    Well I'll give it another try... There is only a catchme.log in the quarantine and some folders (one for the backup and one named C, which has some quarantined files in - a couple of Documents and Settings and WINDOWS files).
     
  11. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    Here is the log. I ran it again and this time it made the log and didn't reboot. :)
     

    Attached Files:

  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    you have loads of files that fail sig check and that could be because they have been changed by malware
    best cure is
    Go here to download and save the full 316 MB SP3 upgrade.

    After it's been downloaded and saved, do the following:

    Double-click the saved SP3 upgrade file to start the upgrade process.

    It'll take 30 - 60 minutes or more to complete, so be patient.

    If you're not prompted to restart the computer after the upgrade is complete, do so.

    Restart the computer again.

    then run combofix again & post its new log
     
  13. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    Ok... I'll post as soon as possible. Thanks :)
     
  14. YerOldPoison

    YerOldPoison Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    51
    Here's the log. Now I've had some problems. SP3 overwrote some VistaMizer files and now I am thinking of re-installing it, so I'll get the same Vista look back, because right now it's half Vista, half XP look. :S
     

    Attached Files:

  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    using a program like VistaMizer that changes vital system files always carries drawbacks, and antiviruses & Windows updates will detect changes & replace the files with legitimate ones because the changed ones carry a vastly increased risk of allowing malware infiltration

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
     