AnDyTaN
Posted December 13, 2006 (edited)

Ok well I did my scan with Ad-Aware, then used HijackThis. A few days ago I got infected by malware called win32.dialer/QS. It installed a fake antivirus program called Virus Bursters or something. After that my computer received several annoying popups every minute, so I had to call for help immediately. I managed to fix the annoying popups and removed the fake antivirus program, but this "critical system error" thing in my taskbar still exists. Anyway here's the log :P By the way, are there any other problems on my computer? I hope you pros will help me fix it :P

Logfile of HijackThis v1.99.1
Scan saved at 7:27:35 AM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)

Edited December 13, 2006 by AnDyTaN
mistaredx
Posted December 14, 2006 (edited)

Wow... I have the same problem.... I guess I'll post my log here to save some space........

Logfile of HijackThis v1.99.1
Scan saved at 7:22:25 PM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Tools\KillBox.exe
C:\Program Files\Spyware Tools\HiJackThis1991\Hijackthis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [sCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~2\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk (file missing)
O9 - Extra 'Tools' menuitem: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mista6356.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - https://mytbb.primus.ca/webportal/plugins/VMPlayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited December 14, 2006 by Mistaredx
mistaredx
Posted December 14, 2006 (edited)

I had run SS&D and AASE in safe mode before this log, but I think I'll try again and then repost my HJT log in a new thread.... Sorry for hijacking your thread, AnDyTaN.

As of 8:30 I got rid of it. Seems that my ADSE definitions were out of date. Thanks for looking, and I hope I won't be back for a LONG time.

Edited December 14, 2006 by Mistaredx
HJThis
Posted December 14, 2006

Hello, AnDyTaN, and welcome.

Please do this for me:

Please download ComboFix and save it to your desktop. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

@ Mistaredx: Please do not post in someone else's topic; start your own thread.

Gogo
AnDyTaN 0 Report post Posted December 14, 2006 Ok HJthis i finished scanning with Combofix...here's the log . To Mistared:Goodluck fixing your comp Administrator - 06-12-14 18:38:42.60 Service Pack 2 ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Administrator\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\components ((((((((((((((((((((((((((((((( Files Created from 2006-11-14 to 2006-12-14 )))))))))))))))))))))))))))))))))) 2006-12-14 06:42 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL 2006-12-14 06:42 <DIR> d-------- C:\Program Files\Registry Mechanic 2006-12-14 06:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2 2006-12-14 06:26 <DIR> d-------- C:\Program Files\OpenOffice.org 2.1 2006-12-14 05:58 <DIR> dr-h----- C:\Documents and Settings\Administrator\Recent 2006-12-14 05:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI 2006-12-14 05:35 73,728 --a------ C:\WINDOWS\system32\Oemdspif.dll 2006-12-14 05:35 601,792 --a------ C:\WINDOWS\system32\ativvaxx.dll 2006-12-14 05:35 6,680,576 --a------ C:\WINDOWS\system32\atioglx1.dll 2006-12-14 05:35 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2006-12-14 05:35 46,080 --a------ C:\WINDOWS\system32\ati2evxx.dll 2006-12-14 05:35 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll 2006-12-14 05:35 4,841,472 --a------ C:\WINDOWS\system32\atioglxx.dll 2006-12-14 05:35 39,936 --a------ C:\WINDOWS\system32\ati2edxx.dll 2006-12-14 05:35 376,832 --a------ C:\WINDOWS\system32\ati2evxx.exe 2006-12-14 05:35 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll 2006-12-14 05:35 258,048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll 2006-12-14 05:35 25,088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2006-12-14 05:35 241,664 --a------ C:\WINDOWS\system32\ati2dvag.dll 2006-12-14 05:35 233,472 --a------ C:\WINDOWS\system32\ati2cqag.dll 2006-12-14 05:35 
2,430,464 --a------ C:\WINDOWS\system32\ati3duag.dll 2006-12-14 05:35 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll 2006-12-14 05:35 147,456 --a------ C:\WINDOWS\system32\atikvmag.dll 2006-12-14 05:35 106,496 --a------ C:\WINDOWS\system32\atipdlxx.dll 2006-12-14 05:35 1,348,096 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2006-12-14 05:34 <DIR> d-------- C:\ATI 2006-12-13 19:57 <DIR> d-------- C:\Program Files\ATITool 2006-12-09 19:39 2,829 --a------ C:\WINDOWS\War3Unin.pif 2006-12-09 19:39 139,264 --a------ C:\WINDOWS\War3Unin.exe 2006-12-08 05:41 <DIR> d-------- C:\VundoFix Backups 2006-12-08 01:41 53,248 --a------ C:\WINDOWS\system32\Process.exe 2006-12-08 01:41 42,496 --a------ C:\WINDOWS\system32\swreg.exe 2006-12-08 01:41 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2006-12-08 01:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2006-12-08 01:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2006-12-08 01:04 299,392 --a------ C:\WINDOWS\system32\imon.dll 2006-12-08 01:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2006-12-08 01:03 <DIR> d-------- C:\Program Files\ESET 2006-12-07 23:51 18,432 --a------ C:\WINDOWS\system32\mlraakb.dll 2006-12-07 11:30 <DIR> dr-h----- C:\$VAULT$.AVG 2006-12-07 09:01 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-12-07 09:01 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys 2006-12-07 09:01 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys 2006-12-07 09:01 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys 2006-12-07 09:01 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys 2006-12-07 09:01 <DIR> d-------- C:\Program Files\Grisoft 2006-12-07 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2006-12-07 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2006-12-07 09:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7 2006-12-07 08:30 48,824 --a------ 
C:\WINDOWS\system32\S32EVNT1.DLL 2006-12-07 08:30 108,728 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2006-12-07 07:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor 2006-12-07 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2006-12-07 07:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2006-12-07 07:06 104,536 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2006-12-07 07:06 <DIR> d-------- C:\Program Files\Common Files\McAfee 2006-12-07 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2006-11-29 03:45 <DIR> d-------- C:\Program Files\iTunes 2006-11-29 03:45 <DIR> d-------- C:\Program Files\iPod 2006-11-28 16:30 <DIR> d-------- C:\Program Files\Warcraft III 2006-11-28 13:27 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2006-11-28 13:27 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2006-11-16 16:54 <DIR> d-------- C:\Program Files\Koei 2006-11-16 16:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield Installation Information 2006-11-16 14:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Activision 2006-11-16 14:17 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2006-11-16 14:17 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2006-11-16 14:17 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2006-11-16 14:17 <DIR> d--hs---- C:\WINDOWS\ftpcache (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-14 18:37 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager 2006-12-14 18:32 -------- d-------- C:\Program Files\Mozilla Firefox 2006-12-14 17:44 -------- d-------- C:\Program Files\mIRC 2006-12-14 07:59 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-12-14 05:36 -------- d-------- C:\Program Files\ATI Technologies 
2006-12-13 20:34 -------- d-------- C:\Program Files\Mozilla Thunderbird 2006-12-13 07:22 -------- d-------- C:\Program Files\ShortKeys2 2006-12-13 07:16 -------- d-------- C:\Program Files\Java 2006-12-13 07:16 -------- d-------- C:\Program Files\Apple Software Update 2006-12-13 05:56 -------- d-------- C:\Program Files\LimeWire 2006-12-08 01:57 -------- d-------- C:\Program Files\Common Files 2006-12-08 00:27 -------- d-------- C:\Program Files\Spybot - Search & Destroy 2006-12-07 23:49 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-12-07 15:42 -------- d-------- C:\Program Files\Symantec 2006-12-07 15:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared 2006-12-07 09:01 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2006-12-07 07:51 -------- d-------- C:\Program Files\Norton SystemWorks 2006-12-04 01:39 -------- d-------- C:\Program Files\WarRock 2006-12-02 00:03 -------- d-------- C:\Program Files\MSN Messenger 2006-11-26 03:18 -------- d-------- C:\Program Files\SwiftSwitch 2006-11-19 18:01 -------- d-------- C:\Program Files\Internet Explorer 2006-11-16 14:02 -------- d-------- C:\Program Files\Common Files\InstallShield 2006-11-16 02:37 -------- d-------- C:\Program Files\Attribute Changer 2006-11-15 00:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar 2006-11-13 03:58 -------- d-------- C:\Program Files\MegauploadToolbar 2006-11-10 21:08 24064 --a------ C:\WINDOWS\system32\drivers\ATITool.sys 2006-11-07 12:51 -------- d-------- C:\Program Files\QuickTime 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-18 14:51 -------- d-------- C:\Program Files\VideoLAN 2006-10-15 02:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi 2006-10-15 02:00 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc 2006-10-14 00:34 -------- d-------- C:\Program 
Files\Hero_Online
2006-10-13 20:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 20:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 20:41 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-24 09:18 673546 --a------ C:\WINDOWS\unins000.exe
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadwin PrintScreen 3.5"="\"C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe\" /nosplash"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"=""
"TaskSwitchXP"="\"C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe\""
"Free Download Manager"="\"C:\\Program Files\\Free Download Manager\\fdm.exe\" -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"RegistryMechanic"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
  53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
  65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
  79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\
  6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\
  2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\
  52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
  53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
  65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
  79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\
  6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\
  2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\
  52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoInstrumentation"=dword:00000001
"NoSMHelp"=dword:00000001
"DisableCAD"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"NoInternetOpenWith"=dword:00000001
"DisableCAD"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000001
"DisableCAD"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoInstrumentation"=dword:00000001
"NoSMHelp"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoInstrumentation"=dword:00000001
"NoSMHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"gloomily"="{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcusrmgr"=dword:00000002
"mctskshd.exe"=dword:00000002
"McRedirector"=dword:00000002
"McProxy"=dword:00000002
"mcpromgr"=dword:00000002
"McNASvc"=dword:00000002
"mcmispupdmgr"=dword:00000002
"McLogManagerService"=dword:00000002
"McAfee HackerWatch Service"=dword:00000002
"CLTNetCnService"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-14 18:39:53.87
C:\ComboFix.txt ... 06-12-14 18:39
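Added example, not part of the thread and not ComboFix's or regedit's own code: the RunOnce values in the dump above are written as hex(2), which is REG_EXPAND_SZ stored as a comma-separated byte list, so the actual command line is hidden behind the numbers. That is exactly where a planted RunOnce would also hide, so it is worth being able to read them. The script below joins the .reg-style continuation lines, decodes the bytes (ComboFix wrote them one byte per character here; a genuine regedit export is UTF-16LE, so both are handled), expands %SystemRoot% from an assumed mapping to C:\WINDOWS, and pulls out the executable each entry would start. The sample input is the RunOnce key copied from the ComboFix log in this thread.

```python
"""Decode hex(2) (REG_EXPAND_SZ) values from a regedit/ComboFix-style registry dump."""
import re

# Sample copied from the ComboFix dump posted in the thread: three RunOnce values
# with .reg-style backslash continuation lines.
SAMPLE_DUMP = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
  53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
  65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
  79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\
  6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\
  2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\
  52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
"""

# "name"=hex(2):aa,bb,...   (plain "hex:" without a type in parentheses is REG_BINARY)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=hex(?:\((?P<kind>[0-9a-fA-F]+)\))?:(?P<data>[0-9a-fA-F,]*)$'
)


def join_continuations(text):
    """Merge .reg continuation lines (trailing backslash) into single logical lines."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        logical.append(pending)
    return logical


def decode_reg_string(data):
    """REG_EXPAND_SZ / REG_MULTI_SZ bytes -> str.

    regedit exports these as UTF-16LE (every second byte is 0 for ASCII text);
    the ComboFix dump above uses one byte per character, so detect by the zero bytes.
    """
    if len(data) >= 2 and len(data) % 2 == 0 and not any(data[1::2]):
        text = data.decode("utf-16-le")
    else:
        text = data.decode("latin-1")
    return text.rstrip("\x00")


def parse_hex_values(dump):
    """Return {value_name: decoded string (or hex for binary types)} for every hex value."""
    values = {}
    for line in join_continuations(dump):
        m = VALUE_RE.match(line)
        if not m:
            continue
        kind = int(m.group("kind") or "3", 16)  # missing type means REG_BINARY (3)
        data = bytes(int(b, 16) for b in m.group("data").split(",") if b)
        if kind in (2, 7):  # REG_EXPAND_SZ, REG_MULTI_SZ
            values[m.group("name")] = decode_reg_string(data)
        else:
            values[m.group("name")] = data.hex()
    return values


def expand_windows_vars(text, env):
    """Expand %VAR% references case-insensitively (os.path.expandvars does not on POSIX)."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), text)


def executable_of(command):
    """First token of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


if __name__ == "__main__":
    env = {"SystemRoot": r"C:\WINDOWS"}  # assumed; matches the paths in the log
    for name, cmd in parse_hex_values(SAMPLE_DUMP).items():
        exe = executable_of(expand_windows_vars(cmd, env))
        print(f"{name:14} starts {exe:40} full: {cmd}")
```

Run as a script it prints one line per value with the program it would start; the three above resolve to cmd.exe moving a DLL under System32, RunDll32.exe launching a section of %SystemRoot%\inf\nlite.inf, and %systemroot%\system32\tscupgrd.exe.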
HJThis Posted December 14, 2006

Hi, AnDyTaN

First thing you should do is remove all anti-virus scanners and keep just one, and then just keep it updated; running more than one is asking for problems and it's also a big slowdown.

Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop. (Do not run it yet.)

Please print out or copy these instructions to Notepad, as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit Enter.

Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

When back in Normal Mode, click Start > Settings > Control Panel > Display > Desktop > Customize Desktop > Web and uncheck "Security Info" if present.

Please post the new rapport.txt log along with a new HijackThis log in your next reply.

Once in Safe Mode and you do the above, get this here done.

Run a HijackThis scan and when it finishes, put a check mark only next to the following items (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll
O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)

Close all browsers and any open windows, making sure that only HijackThis is open. Click Fix Checked. Close HijackThis. Then do a reboot and come back here with all logfiles.

Gogo
AnDyTaN Posted December 14, 2006

Ok here's the rapport log:

SmitFraudFix v2.65

Scan done at 20:06:41.46, Thu 12/14/2006
Run from C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"
[HKEY_CLASSES_ROOT\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"
[HKEY_CLASSES_ROOT\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

Lastly the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:55 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\NOTEPAD2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
HJThis Posted December 14, 2006

Hi, AnDyTaN

Hmm, did you run this from Safe Mode as I asked you to?

Gogo
AnDyTaN Posted December 14, 2006

Yea I did; after that I went back to Normal Mode and clicked Start > Settings > Control Panel > Display > Desktop > Customize Desktop > Web and unchecked "Security Info". I then went back to Safe Mode, ran HijackThis and checked all the items that you stated. I restarted and went back to Normal Mode; looks like the critical system error popup is gone for good now!

Anyway here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:21:58 PM, on 12/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\Administrator\Desktop\Antivirus stuff\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [inCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
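Added example, not part of the thread and not HijackThis's own code: the helper's fix list above is the result of reading the log for two things, loading points whose target file no longer exists ("(no file)" / "(file missing)") and an SSODL (O21) entry, which is a DLL explorer.exe loads at every logon. The script below applies that same triage to HijackThis log lines and then diffs a before/after pair, so you can confirm the fix removed what it was supposed to and see what is still left. Its sample input is an abridged excerpt of the two logs posted in this thread (the one before "Fix Checked" and the one after), not complete logs; note that with these rules the orphaned WRNotifier and IWin entries, which were not on the helper's list, still show up after the fix.

```python
"""Triage HijackThis log entries and diff a before/after pair of logs."""
import re

# Abridged excerpts of the two HijackThis logs posted in the thread (not complete logs).
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: gloomily - {9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f} - C:\WINDOWS\system32\mlraakb.dll
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe (file missing)
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
"""

AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Every HijackThis entry starts with a section code such as R0, O2, O21, O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return [(code, body)] for every entry line, in log order; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if m:
            entries.append((m.group("code"), m.group("body").rstrip()))
    return entries


def flag_entry(code, body):
    """Reason an entry deserves attention, or None. These are the rules the helper applied."""
    if "(no file)" in body or "(file missing)" in body:
        return "orphaned loading point: referenced file no longer exists"
    if code == "O21":
        return "SSODL: DLL loaded into explorer.exe at logon; verify the file"
    if code in ("R0", "R1") and body.endswith("="):
        return "IE setting with an empty value"
    if code == "R3" and "missing" in body:
        return "default URLSearchHook missing"
    return None


def flag_entries(entries):
    """[(code, body, reason)] for the entries that trip a rule."""
    flagged = []
    for code, body in entries:
        reason = flag_entry(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


def diff_logs(before, after):
    """(removed, added) entry lists between two logs, ignoring order."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def triage(before, after):
    """What the fix removed, what appeared, and what still trips a rule afterwards."""
    removed, added = diff_logs(before, after)
    return {"removed": removed, "added": added,
            "still_flagged": flag_entries(parse_hjt(after))}


if __name__ == "__main__":
    for code, body, reason in flag_entries(parse_hjt(BEFORE_LOG)):
        print(f"[{code}] {reason}\n      {body}")
    result = triage(BEFORE_LOG, AFTER_LOG)
    print(f"\nremoved by the fix: {len(result['removed'])}, new entries: {len(result['added'])}")
    for code, body, reason in result["still_flagged"]:
        print(f"still flagged [{code}]: {body}")
```

The same parse/flag pair works on a full log; the rules are deliberately conservative (an orphaned entry is harmless by itself, and a legitimate SSODL entry is possible), so the output is a list to check by hand, not a verdict.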
HJThis Posted December 14, 2006

Hey, AnDyTaN

Sorry about that, it's just you move too fast for me.

Next: to reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Next, let's clean your restore points and set a new one. Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * CHECK Turn off System Restore.
   * Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * UN-Check Turn off System Restore.
   * Click Apply, and then click OK.

System Restore will now be active again. Then create a new restore point once you have System Restore back on. To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore. When the System Restore Utility opens, click "Create a Restore Point" then click Next. Enter a name for this Restore Point, and click Create.

Clean out your Temporary Internet files.

Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer. Click Start -> Control Panel and then double-click Internet Options. On the General tab, click Delete Files under Temporary Internet Files. In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK. On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK. Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK. Click OK.

Firefox (in case you also have Firefox installed)
Open Firefox and go to Tools -> Options. Click Privacy in the menu on the left side of the Options window. Click the Clear button located to the right of each option (History, Cookies, Cache). Click OK to close the Options window. Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab.
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
   a. Change the Download signed ActiveX controls to Prompt
   b. Change the Download unsigned ActiveX controls to Disable
   c. Change the Initialize and script ActiveX controls not marked as safe to Disable
   d. Change the Installation of desktop items to Prompt
   e. Change the Launching programs and files in an IFRAME to Prompt
   f. Change the Navigate sub-frames across different domains to Prompt
   g. When all these settings have been made, click on the OK button.
   h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

And last, have a look at the great info at this site by Mr,Tk: So how did I get infected in the first place

Gogo
AnDyTaN Posted December 14, 2006

Ok, I did all that. Thanks for helping me, you're really really great. One day I hope to be like you guys, helping the inexperienced people.
HJThis Posted December 14, 2006

Hi, AnDyTaN

No problem, you did all the work.

Gogo