
WinAntiVirus Removal

Discussion in 'Virus & Other Malware Removal' started by Leinad, Oct 30, 2006.

Thread Status:
Not open for further replies.
  1. Leinad

    Leinad Thread Starter

    Joined:
    Dec 8, 2004
    Messages:
    27
    Alright, my darling sister has somehow managed to break all the computers in the house in the one short week that I was away. I think I've cured all but one, and was hoping for some help removing WinAntiVirus and all its little helpers..

    used Ewido/AVG, Spyware Doctor.

    HJT log-
    Logfile of HijackThis v1.99.1
    Scan saved at 6:47:01 PM, on 10/30/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\RGFuaWVsIFJlaWQ\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Documents and Settings\M a D d I e - m O o\Desktop\two.exe
    C:\Program Files\Common Files\{404A862E-0216-1033-1122-991008190001}\Update.exe
    C:\Program Files\MSN Messenger\msrg.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    C:\Documents and Settings\Leinad\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\M a D d I e - m O o\Desktop\two.exe
    O4 - HKLM\..\Run: [defender] c:\\dfndrff_e42.exe
    O4 - HKLM\..\Run: [newname] c:\\nwnmff_e42.exe
    O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e42.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msrg.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\wc2help.dll
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrr6059se.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIFJlaWQ\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Thanks =)
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.


    You don't have either a firewall or an anti-virus, which means you have no protection. Download these tools from the links below, install them and update Anti-vir!



    Anti-vir

    http://www.free-av.com/



    Comodo firewall. Sign up, it's free!

    http://www.personalfirewall.trustix.com/


    Threads on comodo!

    http://www.wilderssecurity.com/forumdisplay.php?f=31




    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find AVG Anti-Spyware Guard.
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.

    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


    You can re-enable this after you are clean!



    To deactivate Spyware Doctor's OnGuard Tools

    * From within Spyware Doctor, click the "OnGuard" button on the left side.
    * Uncheck "Activate OnGuard".

    You can re-enable it once your system is clean.




    Click here to download Look2Me-Destroyer.exe and save it to your desktop.

    http://www.atribune.org/ccount/click.php?id=7



    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    * When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    * Your computer will then shutdown.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.


    If Look2Me-Destroyer does not reopen automatically, reboot and try again.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

    http://www.ascentive.com/support/new...b/MSWINSCK.OCX




    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
    · Double-click VundoFix.exe to run it.
    · Click the Scan for Vundo button.
    · Once it's done scanning, click the Remove Vundo button.
    · You will receive a prompt asking if you want to remove the files, click YES
    · Once you click yes, your desktop will go blank as it starts removing Vundo.
    · When completed, it will prompt that it will shutdown your computer, click OK.
    · Turn your computer back on.


    Go here and download the latest version of Java. Once downloaded, go to Add/Remove and uninstall all previous versions of Java, then install the latest version you just downloaded!


    http://java.com/en/download/manual.jsp

    http://www.majorgeeks.com/download.php?det=4648



    Download AlcanShorty_en.exe and save it to your desktop.

    http://www.geekstogo.com/forum/index.php?act=dscript&CODE=showdetails&f_id=13

    * Double click the alcanShorty.exe file and follow prompts.
    * It will make a folder on desktop called Alcan Shorty
    * Open the Alcan Shorty folder & double click the run.bat file to run it.
    * This will download a file called BFU.exe and a BFU script.
    * If your firewall asks for permission to connect to the internet you must allow it.
    * A message box will pop up saying "complete".
    * Be patient and wait for the message box to appear as it may take some time.
    * Press OK then BFU.exe will open.
    * Select the option to "Show log after script ends"
    * Execute the script by clicking the Execute button.
    * Note that you should see a progress bar while the script is being executed.
    * When the script has finished press "copy" and that will make a copy of the report in your clipboard.
    * Paste the log into Notepad and save it to your desktop to post back here later.

    Note: If you have any questions about the use of BFU please read here.

    http://metallica.geekstogo.com/BFUinstructions.html


    Post another HijackThis log, the L2M log, and the Vundo log!
     
  3. Leinad

    Leinad Thread Starter

    Joined:
    Dec 8, 2004
    Messages:
    27
    BFU:

    BFU v1.00.9
    Windows XP (WinNT 5.01.2600 )
    Script started at 7:11:33 PM, on 11/1/2006

    Option Unload Explorer: Yes
    Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
    Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
    Failed: DllUnregister \asappsrv.dll|1 (file not found)
    Failed: DllUnregister \MyToolBar.dll (file not found)
    Failed: ServiceStop Network Monitor (service not found)
    Failed: ServiceStop cmdService (service not found)
    Failed: ServiceDisable Network Monitor (service not found)
    Failed: ServiceDisable cmdService (service not found)
    Failed: ServiceDelete Network Monitor (service not found)
    Failed: ServiceDelete cmdService (service not found)
    Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
    Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
    Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2p networking (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|truetype (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|0mcamcap (key not found)
    Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|mysvcig38 (key not found)
    Option pause between commands: 300 ms
    Option pause between commands: 50 ms
    Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
    Failed: FolderDelete C:\Program Files\winupdates (folder not found)
    Failed: FolderDelete C:\Program Files\winupdate (folder not found)
    Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
    Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
    Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
    Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
    Failed: FolderDelete C:\Program Files\outlook (folder not found)
    Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
    Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
    Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
    Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
    Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
    Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
    Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
    Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
    Failed: FileDelete C:\DOCUME~1\Leinad\LOCALS~1\Temp\~DF3061.tmp (operation failed)
    Failed: FileDelete C:\DOCUME~1\Leinad\LOCALS~1\Temp\~DF8B72.tmp (operation failed)
    Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
    Failed: FolderDelete C:\Program Files\DNS (folder not found)
    Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
    Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
    Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
    Failed: FolderDelete C:\Program Files\Update06 (folder not found)
    Failed: FolderDelete C:\Program Files\Update03 (folder not found)
    Failed: FolderDelete C:\Program Files\Update04 (folder not found)
    Failed: FolderDelete C:\Program Files\Update08 (folder not found)
    Failed: FolderDelete C:\Program Files\W-Update (folder not found)
    Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
    Failed: FolderDelete C:\Program Files\Cas (folder not found)
    Failed: FolderDelete C:\Program Files\CasStub (folder not found)
    Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
    Failed: FolderDelete C:\Program Files\ipwins (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
    Failed: FolderDelete C:\temp (folder not found)
    Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
    Failed: FolderDelete C:\WINDOWS\System32\crunner (folder not found)
    Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
    Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
    Failed: FolderDelete C:\Program Files\SDVita (folder not found)
    Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
    Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
    Failed: FolderDelete C:\Program Files\PSHope (folder not found)
    Failed: FolderDelete C:\Program Files\Batty (folder not found)
    Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
    Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
    Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
    Failed: FolderDelete C:\Program Files\PSLister (folder not found)
    Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
    Failed: FolderDelete C:\Program Files\PSDream (folder not found)
    Failed: FolderDelete C:\Program Files\cmapp (folder not found)
    Failed: FolderDelete C:\Program Files\cmman (folder not found)
    Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
    Failed: FolderDelete C:\Program Files\fcengine (folder not found)
    Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
    Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
    Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
    Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
    Failed: FolderCreate C:\bintheredunthat (folder already exists)
    Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
    Script completed.




    Vundo:


    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.9

    Scan started at 7:01:39 PM 11/1/2006

    Listing files found while scanning....

    No infected files were found.




    L2M:


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 11/1/2006 6:54:03 PM

    Infected! C:\WINDOWS\system32\fpn0035me.dll
    Infected! C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0015397.dll
    Infected! C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0015399.dll
    Infected! C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0016402.dll
    Infected! C:\WINDOWS\system32\fpn0035me.dll
    Infected! C:\WINDOWS\system32\ir6ml5j11.dll
    Infected! C:\WINDOWS\system32\rWsmans.dll
    Infected! C:\WINDOWS\system32\s4rs0e97eh.dll

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\fpn0035me.dll
    C:\WINDOWS\system32\fpn0035me.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0015397.dll
    C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0015397.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0015399.dll
    C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0015399.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0016402.dll
    C:\System Volume Information\_restore{054ACA9A-4B9F-4237-9CDD-9E61323D8A91}\RP20\A0016402.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\fpn0035me.dll
    C:\WINDOWS\system32\fpn0035me.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\ir6ml5j11.dll
    C:\WINDOWS\system32\ir6ml5j11.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\rWsmans.dll
    C:\WINDOWS\system32\rWsmans.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\s4rs0e97eh.dll
    C:\WINDOWS\system32\s4rs0e97eh.dll Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{99F95A4A-1F99-4595-8BEE-4BB949A12F32}"
    HKCR\Clsid\{99F95A4A-1F99-4595-8BEE-4BB949A12F32}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A5137A08-5830-49D7-B4CD-DC06AC0A507B}"
    HKCR\Clsid\{A5137A08-5830-49D7-B4CD-DC06AC0A507B}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6677A0E3-9A42-49F4-A81F-B1A8B4716128}"
    HKCR\Clsid\{6677A0E3-9A42-49F4-A81F-B1A8B4716128}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1F472E18-5BF0-44ED-A9CA-F54041CA34C9}"
    HKCR\Clsid\{1F472E18-5BF0-44ED-A9CA-F54041CA34C9}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A1703D0C-33D4-4A90-9743-0867599968E5}"
    HKCR\Clsid\{A1703D0C-33D4-4A90-9743-0867599968E5}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded




    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:15:31 PM, on 11/1/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\M a D d I e - m O o\Desktop\two.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\System32\cmd.exe
    C:\Documents and Settings\Leinad\Desktop\alcanshorty_en\BFU.exe
    C:\Documents and Settings\Leinad\Desktop\alcanshorty_en\BFU.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Leinad\Desktop\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msrg.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe



    Thanks =) sorry about the delay..
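The two HijackThis logs in this thread (the one in the first post and the one just above) can be compared mechanically rather than by eye. The script below is an added example, not code from the thread or from the HijackThis project: it parses the R*/O* entry lines, flags entries with a few defender-side heuristics (autorun executables dropped in the drive root, C:\WINDOWS or a Desktop folder; services listed with "Unknown owner"; DPF ActiveX installs and IE start/search pages pointing at hosts outside a small allowlist; any Winlogon Notify DLL), then diffs the before and after logs to show what the cleanup removed and what still looks bad. The heuristics, the TRUSTED_HOSTS allowlist and the function names are this example's own assumptions; BEFORE and AFTER are excerpts of the two posted logs with the running-process lines left out.

```python
"""Triage two HijackThis (HJT) logs: flag suspicious entries, then diff before/after.

Constructed input: BEFORE/AFTER are excerpts of the two HJT logs posted in this thread.
The flagging rules and TRUSTED_HOSTS are this example's own heuristics, not HJT's logic.
"""
import re
from urllib.parse import urlparse

HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")
ROOT_EXE = re.compile(r'^"?[a-z]:\\+[^\\]+\.exe', re.I)              # exe dropped in drive root
WINROOT_EXE = re.compile(r'^"?[a-z]:\\+windows\\[^\\]+\.exe', re.I)  # exe dropped in C:\WINDOWS
DESKTOP_PATH = re.compile(r"\\desktop\\", re.I)
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")   # example allowlist

def parse_hjt(text):
    """Return (code, body) tuples for every R*/O* entry line in an HJT log."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body").strip()))
    return out

def _host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)

def o4_target(body):  # 'HKLM\..\Run: [name] command' -> command
    return body.split("] ", 1)[1] if "] " in body else body

def suspicious(entry):
    """Return a reason string if the entry looks hostile, else None."""
    code, body = entry
    url = URL_RE.search(body)
    if code in ("R0", "R1") and url and not _host_trusted(url.group(0)):
        return "IE start/search page points at an untrusted host"
    if code == "R3":
        return "third-party URLSearchHook: verify the DLL"
    if code == "O4":
        t = o4_target(body)
        if ROOT_EXE.match(t) or WINROOT_EXE.match(t) or DESKTOP_PATH.search(t):
            return "autorun executable in drive root, C:\\WINDOWS or a Desktop folder"
    if code == "O16" and url and not _host_trusted(url.group(0)):
        return "ActiveX (DPF) install from an untrusted host"
    if code == "O20" and body.startswith("Winlogon Notify"):
        return "Winlogon Notify DLL loads at every logon: verify it"
    if code == "O23" and "Unknown owner" in body:
        return "service binary carries no vendor information"
    return None

def entry_key(entry):
    """Identity used for diffing; ignores cosmetic differences between the two logs."""
    code, body = entry
    if code == "O16":
        url = URL_RE.search(body)
        return (code, url.group(0) if url else body)
    if code == "O4":
        return (code, o4_target(body).lower())
    if code == "O23":
        return (code, body.rsplit(" - ", 1)[-1].lower())   # service binary path
    return (code, body)

def diff_logs(before, after):
    """Split `before` into entries gone from `after` and entries still present."""
    after_keys = {entry_key(e) for e in after}
    removed = [e for e in before if entry_key(e) not in after_keys]
    persisting = [e for e in before if entry_key(e) in after_keys]
    return removed, persisting

def triage(before_text, after_text):
    """Flag the first log, then report what the cleanup removed and what still looks bad."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed, persisting = diff_logs(before, after)
    return {"flagged_before": [(e, suspicious(e)) for e in before if suspicious(e)],
            "removed": removed, "still_flagged": [e for e in persisting if suspicious(e)]}

BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\M a D d I e - m O o\Desktop\two.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e42.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msrg.exe" /background
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\wc2help.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIFJlaWQ\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msrg.exe" /background
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
"""

if __name__ == "__main__":
    r = triage(BEFORE, AFTER)
    for e, why in r["flagged_before"]:
        print(f"[!] {e[0]} {e[1][:70]} -> {why}")
    print(len(r["removed"]), "entries gone after cleanup; still flagged:", r["still_flagged"])
```

Run as a script it lists ten flagged entries in the first log and reports that eight of them (the start-page hijack, the search hook, the Run keys, the Winlogon Notify DLL and both unknown-owner services) are gone from the second log, while the two O16 DPF entries (the WinAntiVirus installer CAB and the matcash control) survive the cleanup, which is why the ActiveX hardening the helper asks for next matters.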
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    You need to get XP SP2 ASAP and all other patches; you are open to multiple threats!

    http://www.microsoft.com/downloads/...BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en


    You're just going to get reinfected if you don't deploy a firewall and an anti-virus program!


    Anti-vir

    http://www.free-av.com/


    Comodo firewall. Sign up, it's free!

    http://www.personalfirewall.trustix.com/


    Threads on comodo!

    http://www.wilderssecurity.com/forumdisplay.php?f=31



    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find AppInit_DLLs:
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.

    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.




    Download AVG Anti-Spyware

    http://www.ewido.net/en/


    * Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    * Once the setup is complete you will need to run Ewido and update the definition files.
    * On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    * Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    * Once in the Settings screen click on "Recommended actions" and then select "Delete"
    * Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"


    Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.



    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
      * If you use Firefox:
        * Click Firefox at the top and choose: Select All
        * Click the Empty Selected button.
        * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      * If you use Opera:
        * Click Opera at the top and choose: Select All
        * Click the Empty Selected button.
        * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:

    Have HijackThis fix these entries. Close all browsers and programmes before clicking FIX.



    O20 - AppInit_DLLs:


    Run AVG Anti-Spyware!

    # IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
    # Launch AVG Anti-spyware by double-clicking the icon on your desktop.
    # Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    # AVG will now begin the scanning process. Be patient this may take a little time.
    Once the scan is complete do the following:
    # If you have any infections you will be prompted; then select "Apply all actions"
    # Next select the "Reports" icon at the top.
    # Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    # Close AVG and reboot your system back into Normal Mode.



    Reboot to normal mode and run a few online scans!


    Make sure your ActiveX controls are set as follows:

    Go to Internet Options - Security - Internet, press 'default level', then OK.
    Now press "Custom Level."

    In the ActiveX section, set the first two options ("Download signed and
    unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX
    controls not marked as safe" to "Disable".


    Active X settings

    http://www.compu-docs.com/activex.htm



    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, have it delete anything that it cannot clean.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!



    Post another HijackThis log, the AVG Anti-Spyware log and the ActiveScan logs.
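The ActiveX settings the helper asks for above live in the Internet zone's registry key, so a defender can verify them from a `reg export` of that key instead of clicking through the dialog on every machine. The script below is an added example, not something from the thread: it parses a .reg export and reports which of the three policies named above ("Download signed ActiveX controls", "Download unsigned ActiveX controls", "Initialize and script ActiveX controls not marked as safe") are weaker than required. The policy IDs 1001, 1004 and 1201 and the level values 0/1/3 (Enable/Prompt/Disable) are Internet Explorer's documented zone policy values (Microsoft KB 182569); REG_EXPORT is a constructed, deliberately weak sample, and the function names are this example's own.

```python
"""Audit the IE Internet-zone ActiveX settings from a .reg export.

Constructed input: REG_EXPORT is a hand-written fragment in the format regedit and
`reg export` produce, not taken from the thread. The policy IDs are IE's documented
zone policy values (KB 182569); the REQUIRED table is this example's own.
"""
import re

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
LEVEL = {0: "Enable", 1: "Prompt", 3: "Disable"}
# policy id -> (human-readable name, level the helper asks for)
REQUIRED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

def parse_reg(text):
    """Return {key: {value_name: int}} for every dword value in a .reg export."""
    keys, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
            keys.setdefault(cur, {})
        elif cur is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[cur][m.group("name")] = int(m.group("hex"), 16)
    return keys

def audit_activex(reg_text):
    """Return (policy name, current level, required level) for each policy that fails."""
    zone = parse_reg(reg_text).get(ZONE_KEY, {})
    failures = []
    for vid, (name, want) in REQUIRED.items():
        have = zone.get(vid)          # None if the value is absent from the export
        if have != want:
            failures.append((name, LEVEL.get(have, f"unknown({have})"), LEVEL[want]))
    return failures

# Constructed sample: every ActiveX policy has been loosened to "Enable"/"Prompt".
REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000000
"1201"=dword:00000001
"""

if __name__ == "__main__":
    for name, have, want in audit_activex(REG_EXPORT):
        print(f"FAIL {name}: is {have}, should be {want}")
```

On the sample export all three policies fail; once 1001 and 1004 are set to dword:00000001 (Prompt) and 1201 to dword:00000003 (Disable), as the helper's instructions require, the audit returns an empty list.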
     