Topic: spyware and virus problems
royster
« on: January 02, 2009, 06:05:19 PM »

Hey, could use some help. Had some problems; here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:46, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
C:\Program Files\Belkin\F5D8051v2\chkdev.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {5b00ec07-0fca-adc9-98c4-ce77f35e1ec8} - {8ce1e53f-77ec-4c89-9cda-acf070ce00b5} - C:\WINDOWS\system32\xhwurh.dll (file missing)
O2 - BHO: (no name) - {A2F057BE-2B48-4632-81C5-B2EBF5E79180} - C:\WINDOWS\system32\fccaAsQK.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\jkse73hedfdgf.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Owner\winlogon.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [Sniza] rundll32.exe "C:\WINDOWS\Vdosuvonejecuxiq.dll",e
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\Owner\nview.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [Umivokitubaliko] rundll32.exe "C:\WINDOWS\uzesetube.dll",e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: ICON 225 USB Connect.lnk = C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: xhwurh.dll
O20 - Winlogon Notify: khfETmjh - khfETmjh.dll (file missing)
O21 - SSODL: ieModule - {2A0B1501-2BC9-4057-9F94-840F2CE714E4} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (file missing)
O21 - SSODL: InternetConnection - {DA699AFD-5224-4651-AA36-8FE886C87397} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\dtfpxadjqa.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8577 bytes

Pancake
« Reply #1 on: January 02, 2009, 09:37:38 PM »

I see the problem....

Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

 http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 http://www.besttechie.net/tools/mbam-setup.exe


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please download from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


royster
« Reply #2 on: January 03, 2009, 04:40:13 PM »

I could not delete without buying the Malwarebytes software but have a logfile. I will follow the other advice tho now.






Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

03/01/2009 16:35:13
mbam-log-2009-01-03 (16-34-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 76141
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ce1e53f-77ec-4c89-9cda-acf070ce00b5} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ce1e53f-77ec-4c89-9cda-acf070ce00b5} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniza (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\umivokitubaliko (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Applicationedc (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Application Data\AntispywareBot (Rogue.AntiSpywareBot) -> No action taken.

Files Infected:
C:\WINDOWS\system32\xhwurh.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\uzesetube.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\winlogon.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ddcYopnm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> No action taken.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> No action taken.
C:\Documents and Settings\Owner\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

royster
« Reply #3 on: January 03, 2009, 05:12:08 PM »

ComboFix log as well

ComboFix 09-01-01.02 - Owner 2009-01-03 17:02:22.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.127 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\AntispywareBot
c:\windows\reged.exe
c:\windows\sys.com
c:\windows\system32\iwtllwyp.dll
c:\windows\system32\KQsAaccf.ini
c:\windows\system32\laifwjor.dll
c:\windows\system32\pac.txt
c:\windows\system32\taskkill.exe
c:\windows\system32\winscenter.exe
c:\windows\Temp\tmp3.tmp

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
(((((((((((((((((((((((((   Files Created from 2008-12-03 to 2009-01-03  )))))))))))))))))))))))))))))))
.

2009-01-03 17:07 . 2009-01-03 17:07   0   ---------   c:\windows\system32\taskkill.exe
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 22:48 . 2008-12-03 19:59   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 22:48 . 2008-12-03 19:59   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-01-02 22:43 . 2009-01-02 22:43   <DIR>   d--------   c:\program files\MalwareRemovalBot
2009-01-02 22:43 . 2009-01-02 22:45   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MalwareRemovalBot
2008-12-28 00:24 . 2008-06-19 17:24   28,544   --a------   c:\windows\system32\drivers\pavboot.sys
2008-12-28 00:23 . 2008-12-28 00:23   <DIR>   d--------   c:\program files\Panda Security
2008-12-27 19:45 . 2008-12-27 19:46   316   --a------   c:\windows\wininit.ini
2008-12-27 18:27 . 2008-12-27 18:28   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-12-27 18:27 . 2008-12-27 19:47   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 20:28 . 2008-12-23 20:28   132,096   --a------   c:\windows\uzesetube.dll
2008-12-23 20:09 . 2008-12-23 20:09   <DIR>   d--------   c:\windows\system32\izp
2008-12-23 20:09 . 2008-12-28 12:14   <DIR>   d--hs----   c:\documents and settings\Owner\Searched
2008-12-23 20:09 . 2009-01-02 19:11   <DIR>   dr-h-----   C:\$VAULT$.AVG
2008-12-23 20:09 . 2008-12-23 20:09   3,112,960   ---hs----   c:\documents and settings\Owner\nview.exe
2008-12-23 20:09 . 2008-12-23 20:09   293   --a------   c:\documents and settings\Owner\fOeElvA.bat
2008-12-23 20:08 . 2008-12-23 21:56   <DIR>   d--------   c:\windows\system32\whSLD02
2008-12-23 20:08 . 2008-12-23 20:09   <DIR>   d--------   c:\temp\REX81
2008-12-23 20:08 . 2008-12-27 19:46   <DIR>   d--------   C:\Temp
2008-12-23 20:08 . 2008-12-23 20:08   112,364   --a------   c:\documents and settings\Owner\VbDzTA.exe
2008-12-23 20:08 . 2008-12-23 20:08   45,056   --a------   c:\windows\system32\ddcYopnm.dll
2008-12-23 20:08 . 2008-12-23 20:08   16,896   --a------   c:\documents and settings\Owner\PojJfNqYCl.exe
2008-12-23 20:08 . 2008-12-23 20:08   2   --a------   C:\1949004759
2008-12-15 23:09 . 2008-12-15 23:08   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-12 20:16 . 2008-12-23 20:08   262,144   --a------   c:\documents and settings\Owner\msiexec.exe
2008-12-12 20:12 . 2008-12-12 20:12   49,156   ---hs----   c:\documents and settings\Owner\winlogon.exe
2008-12-05 23:19 . 2008-12-05 23:19   <DIR>   d--------   c:\documents and settings\All Users\SonicStage
2008-12-05 23:04 . 2001-09-13 02:15   90,112   ---------   c:\windows\snymsico.dll
2008-12-05 23:04 . 2002-08-08 15:51   38,951   --a------   c:\windows\system32\drivers\NETMDUSB.sys
2008-12-05 23:04 . 2005-10-31 10:46   36,679   --a------   c:\windows\system32\drivers\NETMD052.sys
2008-12-05 23:04 . 2003-11-10 12:31   36,232   --a------   c:\windows\system32\drivers\NETMD033.sys
2008-12-05 23:04 . 2003-04-01 18:55   35,319   --a------   c:\windows\system32\drivers\NETMD031.sys
2008-12-05 23:03 . 2008-12-05 23:03   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Sony Corporation
2008-12-05 23:02 . 2008-12-05 23:04   <DIR>   d--------   c:\program files\Sony
2008-12-05 23:01 . 2008-12-05 23:02   <DIR>   d--------   c:\program files\Common Files\Sony Shared
2008-12-05 23:01 . 2008-12-05 23:19   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Sony Corporation

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 17:07   ---------   d-----w   c:\documents and settings\Owner\Application Data\LimeWire
2009-01-03 08:00   ---------   d-----w   c:\documents and settings\Owner\Application Data\AVG7
2008-12-28 11:56   ---------   d-----w   c:\program files\Java
2008-12-23 20:16   ---------   d-----w   c:\program files\LimeWire
2008-12-05 23:04   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-05 23:02   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-03 08:52   ---------   d-----w   c:\documents and settings\Owner\Application Data\uTorrent
2008-12-01 20:58   ---------   d-----w   c:\program files\uTorrent
2008-11-18 20:03   ---------   d-----w   c:\program files\Sun
2008-11-06 19:12   ---------   d-----w   c:\program files\PartyGaming
2008-10-04 18:10   73,216   ----a-w   c:\windows\ST6UNST.EXE
2008-10-04 18:10   249,856   ------w   c:\windows\Setup1.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"MalwareRemovalBot"="c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe" [2008-12-16 19382272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Windows Logon Applicationedc"="c:\documents and settings\Owner\winlogon.exe" [2008-12-12 49156]
"NVIDIA nView"="c:\documents and settings\Owner\nview.exe" [2008-12-23 3112960]
"Umivokitubaliko"="c:\windows\uzesetube.dll" [2008-12-23 132096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-22 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-09-18 1581056]
ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-05-28 843776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xhwurh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-28 28544]
R2 GtDetectSc;GtDetectSc;"c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe" [2007-12-18 196704]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S1 22f6cc24;22f6cc24;c:\windows\system32\drivers\22f6cc24.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-02 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4afc7e6-9961-11dd-997b-001111bd45da}]
\Shell\AutoRun\command - E:\setup.exe AUTORUN=1
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe [2008-12-16 21:03]

2009-01-03 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2009-01-02 22:43]

2009-01-03 c:\windows\Tasks\ybhfrlvx.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8ce1e53f-77ec-4c89-9cda-acf070ce00b5} - c:\windows\system32\xhwurh.dll
BHO-{A2F057BE-2B48-4632-81C5-B2EBF5E79180} - c:\windows\system32\fccaAsQK.dll
BHO-{c5bf49a2-94f3-42bd-f434-3604812c897d} - (no file)
HKLM-Run-Sniza - c:\windows\Vdosuvonejecuxiq.dll
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
Notify-khfETmjh - khfETmjh.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zmk5lo67.default\

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Belkin\F5D8051v2\ChkDev.exe
.
**************************************************************************
.
Completion time: 2009-01-03 17:10:08 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt  2009-01-03 17:10:06

172   --- E O F ---   2008-12-28 12:11:34

Pancake
« Reply #4 on: January 03, 2009, 09:44:40 PM »

You don't have to buy Malwarebytes...
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.

royster
« Reply #5 on: January 04, 2009, 01:12:35 AM »

Sorry about that, don't know what I did but done it now.

Pancake
« Reply #6 on: January 04, 2009, 03:04:10 AM »

Ok. Can you run Malwarebytes and ComboFix again and post both logs please so I can see what's left.

royster
« Reply #7 on: January 04, 2009, 10:23:18 AM »

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

04/01/2009 10:20:54
mbam-log-2009-01-04 (10-20-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 76697
Time elapsed: 27 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sniza (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\umivokitubaliko (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Applicationedc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

royster
« Reply #8 on: January 04, 2009, 10:37:10 AM »

ComboFix 09-01-01.02 - Owner 2009-01-04 10:25:16.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.133 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\taskkill.exe
c:\windows\Temp\tmp3.tmp

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
(((((((((((((((((((((((((   Files Created from 2008-12-04 to 2009-01-04  )))))))))))))))))))))))))))))))
.

2009-01-04 10:24 . 2009-01-04 10:24   <DIR>   d--------   C:\32788R22FWJFW
2009-01-03 17:07 . 2009-01-04 10:30   0   ---------   c:\windows\system32\taskkill.exe
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 22:48 . 2008-12-03 19:59   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 22:48 . 2008-12-03 19:59   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-01-02 22:43 . 2009-01-02 22:43   <DIR>   d--------   c:\program files\MalwareRemovalBot
2009-01-02 22:43 . 2009-01-02 22:45   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MalwareRemovalBot
2008-12-28 00:24 . 2008-06-19 17:24   28,544   --a------   c:\windows\system32\drivers\pavboot.sys
2008-12-28 00:23 . 2008-12-28 00:23   <DIR>   d--------   c:\program files\Panda Security
2008-12-27 19:45 . 2008-12-27 19:46   316   --a------   c:\windows\wininit.ini
2008-12-27 18:27 . 2008-12-27 18:28   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-12-27 18:27 . 2008-12-27 19:47   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 20:09 . 2008-12-23 20:09   <DIR>   d--------   c:\windows\system32\izp
2008-12-23 20:09 . 2009-01-03 17:13   <DIR>   d--hs----   c:\documents and settings\Owner\Searched
2008-12-23 20:09 . 2009-01-04 10:08   <DIR>   dr-h-----   C:\$VAULT$.AVG
2008-12-23 20:09 . 2008-12-23 20:09   3,112,960   ---hs----   c:\documents and settings\Owner\nview.exe
2008-12-23 20:09 . 2008-12-23 20:09   293   --a------   c:\documents and settings\Owner\fOeElvA.bat
2008-12-23 20:08 . 2008-12-23 21:56   <DIR>   d--------   c:\windows\system32\whSLD02
2008-12-23 20:08 . 2008-12-23 20:09   <DIR>   d--------   c:\temp\REX81
2008-12-23 20:08 . 2008-12-27 19:46   <DIR>   d--------   C:\Temp
2008-12-23 20:08 . 2008-12-23 20:08   112,364   --a------   c:\documents and settings\Owner\VbDzTA.exe
2008-12-23 20:08 . 2008-12-23 20:08   16,896   --a------   c:\documents and settings\Owner\PojJfNqYCl.exe
2008-12-23 20:08 . 2008-12-23 20:08   2   --a------   C:\1949004759
2008-12-15 23:09 . 2008-12-15 23:08   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-05 23:19 . 2008-12-05 23:19   <DIR>   d--------   c:\documents and settings\All Users\SonicStage
2008-12-05 23:04 . 2001-09-13 02:15   90,112   ---------   c:\windows\snymsico.dll
2008-12-05 23:04 . 2002-08-08 15:51   38,951   --a------   c:\windows\system32\drivers\NETMDUSB.sys
2008-12-05 23:04 . 2005-10-31 10:46   36,679   --a------   c:\windows\system32\drivers\NETMD052.sys
2008-12-05 23:04 . 2003-11-10 12:31   36,232   --a------   c:\windows\system32\drivers\NETMD033.sys
2008-12-05 23:04 . 2003-04-01 18:55   35,319   --a------   c:\windows\system32\drivers\NETMD031.sys
2008-12-05 23:03 . 2008-12-05 23:03   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Sony Corporation
2008-12-05 23:02 . 2008-12-05 23:04   <DIR>   d--------   c:\program files\Sony
2008-12-05 23:01 . 2008-12-05 23:02   <DIR>   d--------   c:\program files\Common Files\Sony Shared
2008-12-05 23:01 . 2008-12-05 23:19   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Sony Corporation

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 10:30   ---------   d-----w   c:\documents and settings\Owner\Application Data\LimeWire
2009-01-04 08:00   ---------   d-----w   c:\documents and settings\Owner\Application Data\AVG7
2008-12-28 11:56   ---------   d-----w   c:\program files\Java
2008-12-23 20:16   ---------   d-----w   c:\program files\LimeWire
2008-12-05 23:04   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-05 23:02   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-03 08:52   ---------   d-----w   c:\documents and settings\Owner\Application Data\uTorrent
2008-12-01 20:58   ---------   d-----w   c:\program files\uTorrent
2008-11-18 20:03   ---------   d-----w   c:\program files\Sun
2008-11-06 19:12   ---------   d-----w   c:\program files\PartyGaming
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 14:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 14:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 14:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 14:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 14:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 14:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 14:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 14:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 14:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 14:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-04 18:10   73,216   ----a-w   c:\windows\ST6UNST.EXE
2008-10-04 18:10   249,856   ------w   c:\windows\Setup1.exe
.

(((((((((((((((((((((((((((((   snapshot@2009-01-03_17.09.25.09   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-29 22:00:02   16,384   --sha-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-03 18:00:05   16,384   --sha-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-29 22:00:02   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-03 18:00:05   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-29 22:00:02   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-03 18:00:05   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-04 10:30:12   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_73c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2F057BE-2B48-4632-81C5-B2EBF5E79180}]
c:\windows\system32\fccaAsQK.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"MalwareRemovalBot"="c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe" [2008-12-16 19382272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NVIDIA nView"="c:\documents and settings\Owner\nview.exe" [2008-12-23 3112960]
"spywareguard"="c:\program files\Spyware Guard 2008\spywareguard.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Sniza"="c:\windows\Vdosuvonejecuxiq.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-22 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-09-18 1581056]
ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-05-28 843776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfETmjh]
khfETmjh.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xhwurh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-28 28544]
R2 GtDetectSc;GtDetectSc;"c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe" [2007-12-18 196704]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S1 22f6cc24;22f6cc24;c:\windows\system32\drivers\22f6cc24.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-02 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4afc7e6-9961-11dd-997b-001111bd45da}]
\Shell\AutoRun\command - E:\setup.exe AUTORUN=1
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe [2008-12-16 21:03]

2009-01-04 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot [2009-01-02 22:43]

2009-01-04 c:\windows\Tasks\ybhfrlvx.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8ce1e53f-77ec-4c89-9cda-acf070ce00b5} - (no file)
BHO-{c5bf49a2-94f3-42bd-f434-3604812c897d} - (no file)
HKLM-Run-Windows Logon Applicationedc - c:\documents and settings\Owner\winlogon.exe
HKLM-Run-Umivokitubaliko - c:\windows\uzesetube.dll
HKLM-Run-xsjfn83jkemfofght - c:\docume~1\Owner\LOCALS~1\Temp\winlogin.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zmk5lo67.default\

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Belkin\F5D8051v2\ChkDev.exe
.
**************************************************************************
.
Completion time: 2009-01-04 10:33:36 - machine was rebooted
ComboFix-quarantined-files.txt  2009-01-04 10:33:33
ComboFix2.txt  2009-01-03 17:10:10

189   --- E O F ---   2008-12-28 12:11:34

Pancake
« Reply #9 on: January 04, 2009, 09:29:14 PM »

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote

File::
c:\documents and settings\Owner\VbDzTA.exe
c:\documents and settings\Owner\PojJfNqYCl.exe
c:\windows\system32\fccaAsQK.dll
c:\windows\Vdosuvonejecuxiq.dll
c:\windows\Tasks\ybhfrlvx.job
Folder::
c:\program files\MalwareRemovalBot
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2F057BE-2B48-4632-81C5-B2EBF5E79180}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalwareRemovalBot"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sniza"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfETmjh]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*



royster
« Reply #10 on: January 05, 2009, 09:55:55 PM »

ComboFix 09-01-01.02 - Owner 2009-01-05 21:43:38.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.242 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
 * Created a new restore point

FILE ::
c:\documents and settings\Owner\PojJfNqYCl.exe
c:\documents and settings\Owner\VbDzTA.exe
c:\windows\system32\fccaAsQK.dll
c:\windows\Tasks\ybhfrlvx.job
c:\windows\Vdosuvonejecuxiq.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\PojJfNqYCl.exe
c:\documents and settings\Owner\VbDzTA.exe
c:\program files\MalwareRemovalBot
c:\program files\MalwareRemovalBot\DataBase.ref
c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
c:\program files\MalwareRemovalBot\MalwareRemovalBot.url
c:\program files\MalwareRemovalBot\SpyCleaner.dll
c:\program files\MalwareRemovalBot\TCL.dll
c:\program files\MalwareRemovalBot\vistaCPtasks.xml
c:\program files\MalwareRemovalBot\zlib.dll
c:\windows\system32\taskkill.exe
c:\windows\Tasks\ybhfrlvx.job

.
(((((((((((((((((((((((((   Files Created from 2008-12-05 to 2009-01-05  )))))))))))))))))))))))))))))))
.

2009-01-03 17:07 . 2009-01-05 21:47   0   ---------   c:\windows\system32\taskkill.exe
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-02 22:48 . 2009-01-02 22:48   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 22:48 . 2008-12-03 19:59   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 22:48 . 2008-12-03 19:59   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-01-02 22:43 . 2009-01-02 22:45   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MalwareRemovalBot
2008-12-28 00:24 . 2008-06-19 17:24   28,544   --a------   c:\windows\system32\drivers\pavboot.sys
2008-12-28 00:23 . 2008-12-28 00:23   <DIR>   d--------   c:\program files\Panda Security
2008-12-27 19:45 . 2008-12-27 19:46   316   --a------   c:\windows\wininit.ini
2008-12-27 18:27 . 2008-12-27 18:28   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-12-27 18:27 . 2008-12-27 19:47   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 20:09 . 2008-12-23 20:09   <DIR>   d--------   c:\windows\system32\izp
2008-12-23 20:09 . 2009-01-03 17:13   <DIR>   d--hs----   c:\documents and settings\Owner\Searched
2008-12-23 20:09 . 2009-01-04 10:08   <DIR>   dr-h-----   C:\$VAULT$.AVG
2008-12-23 20:09 . 2008-12-23 20:09   3,112,960   ---hs----   c:\documents and settings\Owner\nview.exe
2008-12-23 20:09 . 2008-12-23 20:09   293   --a------   c:\documents and settings\Owner\fOeElvA.bat
2008-12-23 20:08 . 2008-12-23 21:56   <DIR>   d--------   c:\windows\system32\whSLD02
2008-12-23 20:08 . 2008-12-23 20:09   <DIR>   d--------   c:\temp\REX81
2008-12-23 20:08 . 2008-12-27 19:46   <DIR>   d--------   C:\Temp
2008-12-23 20:08 . 2008-12-23 20:08   2   --a------   C:\1949004759
2008-12-15 23:09 . 2008-12-15 23:08   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-05 23:19 . 2008-12-05 23:19   <DIR>   d--------   c:\documents and settings\All Users\SonicStage
2008-12-05 23:04 . 2001-09-13 02:15   90,112   ---------   c:\windows\snymsico.dll
2008-12-05 23:04 . 2002-08-08 15:51   38,951   --a------   c:\windows\system32\drivers\NETMDUSB.sys
2008-12-05 23:04 . 2005-10-31 10:46   36,679   --a------   c:\windows\system32\drivers\NETMD052.sys
2008-12-05 23:04 . 2003-11-10 12:31   36,232   --a------   c:\windows\system32\drivers\NETMD033.sys
2008-12-05 23:04 . 2003-04-01 18:55   35,319   --a------   c:\windows\system32\drivers\NETMD031.sys
2008-12-05 23:03 . 2008-12-05 23:03   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Sony Corporation
2008-12-05 23:02 . 2008-12-05 23:04   <DIR>   d--------   c:\program files\Sony
2008-12-05 23:01 . 2008-12-05 23:02   <DIR>   d--------   c:\program files\Common Files\Sony Shared
2008-12-05 23:01 . 2008-12-05 23:19   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Sony Corporation

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 21:47   ---------   d-----w   c:\documents and settings\Owner\Application Data\LimeWire
2009-01-05 21:12   ---------   d-----w   c:\documents and settings\Owner\Application Data\AVG7
2008-12-28 11:56   ---------   d-----w   c:\program files\Java
2008-12-23 20:16   ---------   d-----w   c:\program files\LimeWire
2008-12-05 23:04   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-05 23:02   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-03 08:52   ---------   d-----w   c:\documents and settings\Owner\Application Data\uTorrent
2008-12-01 20:58   ---------   d-----w   c:\program files\uTorrent
2008-11-18 20:03   ---------   d-----w   c:\program files\Sun
2008-11-06 19:12   ---------   d-----w   c:\program files\PartyGaming
.

(((((((((((((((((((((((((((((   snapshot@2009-01-03_17.09.25.09   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-29 22:00:02   16,384   --sha-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-03 18:00:05   16,384   --sha-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-29 22:00:02   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-03 18:00:05   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-29 22:00:02   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-03 18:00:05   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-05 21:47:33   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_768.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 590848]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NVIDIA nView"="c:\documents and settings\Owner\nview.exe" [2008-12-23 3112960]
"spywareguard"="c:\program files\Spyware Guard 2008\spywareguard.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Windows Logon Applicationedc"="c:\documents and settings\Owner\winlogon.exe" [BU]
"Umivokitubaliko"="c:\windows\uzesetube.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-22 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-09-18 1581056]
ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-05-28 843776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xhwurh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-28 28544]
R2 GtDetectSc;GtDetectSc;"c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe" [2007-12-18 196704]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S1 22f6cc24;22f6cc24;c:\windows\system32\drivers\22f6cc24.sys []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-02 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4afc7e6-9961-11dd-997b-001111bd45da}]
\Shell\AutoRun\command - E:\setup.exe AUTORUN=1

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2009-01-05 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []
.
- - - - ORPHANS REMOVED - - - -

BHO-{8ce1e53f-77ec-4c89-9cda-acf070ce00b5} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zmk5lo67.default\

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Belkin\F5D8051v2\ChkDev.exe
.
**************************************************************************
.
Completion time: 2009-01-05 21:50:34 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt  2009-01-05 21:50:31
ComboFix2.txt  2009-01-05 21:34:16
ComboFix3.txt  2009-01-04 10:33:37
ComboFix4.txt  2009-01-03 17:10:10

178   --- E O F ---   2008-12-28 12:11:34
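
A follow-up check for the script in reply #9 against the log in reply #10, added here as an example and not part of either poster's message or of ComboFix itself: it parses the CFScript targets and reports where they still appear in the sections of the later log that describe current state rather than removals. The function names and the choice of which sections count as removal lists are assumptions of this example; both inputs are excerpts copied from the thread.

```python
import re

# CFScript from reply #9, copied from the thread.
CFSCRIPT = r"""File::
c:\documents and settings\Owner\VbDzTA.exe
c:\documents and settings\Owner\PojJfNqYCl.exe
c:\windows\system32\fccaAsQK.dll
c:\windows\Vdosuvonejecuxiq.dll
c:\windows\Tasks\ybhfrlvx.job
Folder::
c:\program files\MalwareRemovalBot
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2F057BE-2B48-4632-81C5-B2EBF5E79180}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalwareRemovalBot"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sniza"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfETmjh]
"""

# Excerpt of the follow-up ComboFix log from reply #10 (lines copied, most omitted).
FOLLOWUP_LOG = r"""FILE ::
c:\windows\Tasks\ybhfrlvx.job
(((((((((((((((   Other Deletions   )))))))))))))))
c:\program files\MalwareRemovalBot
(((((((((   Files Created from 2008-12-05 to 2009-01-05  )))))))))
2009-01-02 22:43 . 2009-01-02 22:45   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MalwareRemovalBot
(((((((((((((   Reg Loading Points   )))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
Contents of the 'Scheduled Tasks' folder
2009-01-05 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []
2009-01-05 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []
- - - - ORPHANS REMOVED - - - -
BHO-{8ce1e53f-77ec-4c89-9cda-acf070ce00b5} - (no file)
"""

# Sections that list what was removed, not what is still present (assumption).
REMOVAL_SECTIONS = {"preamble", "other deletions", "orphans removed"}
HEADERS = [re.compile(p) for p in (
    r"^\({3,}\s*(.+?)\s*\){3,}$",                    # ((((   Title   ))))
    r"^[-\s]*-\s*([A-Za-z][A-Za-z ]*?)\s*-[-\s]*$",  # ------- Title -------
    r"^Contents of the '(.+)' folder$",
)]
KEY = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_cfscript(text):
    """Return (paths, deleted_keys, deleted_values), all lower-cased."""
    paths, keys, values, section, current_key = [], [], [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        k, v = KEY.match(line), VALUE.match(line)
        if line.endswith("::"):
            section = line[:-2].strip().lower()
        elif section in ("file", "folder"):
            paths.append(line.lower())
        elif section == "registry" and k and k.group(1):   # [-key]: delete key
            keys.append(k.group(2).lower())
        elif section == "registry" and k:                  # [key]: value edits follow
            current_key = k.group(2).lower()
        elif section == "registry" and v and v.group(2) == "-":  # "name"=-
            values.append((current_key, v.group(1).lower()))
    return paths, keys, values


def residual_references(script, log):
    """Return (section, line) pairs where a script target still appears."""
    paths, keys, values = parse_cfscript(script)
    section, current_key, hits = "preamble", None, []
    for line in filter(None, map(str.strip, log.splitlines())):
        header = next((m for p in HEADERS if (m := p.match(line))), None)
        if header:
            section, current_key = header.group(1).lower(), None
        elif section not in REMOVAL_SECTIONS:
            k, v = KEY.match(line), VALUE.match(line)
            if k:
                current_key = k.group(2).lower()
            found = (current_key in keys) if k else bool(
                v and (current_key, v.group(1).lower()) in values)
            if found or any(p in line.lower() for p in paths):
                hits.append((section, line))
    return hits


if __name__ == "__main__":
    print(*residual_references(CFSCRIPT, FOLLOWUP_LOG), sep="\n")
```

On the excerpt it reports the two Scheduled Tasks lines that still point into the deleted `c:\program files\MalwareRemovalBot` folder; the `Application Data\MalwareRemovalBot` directory is not reported because the script never named it.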

Pancake
« Reply #11 on: January 05, 2009, 10:25:18 PM »

I don't recognize any more malware so you should be fine now...

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run, then copy and paste the following highlighted text below into the box and click OK.



ComboFix /u


royster
« Reply #12 on: January 05, 2009, 11:05:41 PM »

adwarealert
burstmedia
doubleclick
mediaclick
zedo
I did Spybot and these come up; they regenerate after delete.

Pancake
« Reply #13 on: January 06, 2009, 01:55:40 AM »

OK. What you now need to do is turn off your System Restore, reboot, turn it back on and create a new restore point.

1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore. Leave it to remove files...

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.