
eupdatepage.com Problem



Hi,

 

Every time I open up my homepage I get redirected to eupdatepage.com

 

This is my HiJackThis log file.

 

 

Thanks

 

Logfile of HijackThis v1.99.1

Scan saved at 5:49:41 PM, on 11/17/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ishost.exe

C:\WINDOWS\system32\issearch.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ismini.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\HiJack This\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt3.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - Global Startup: Wireless Configuration Utility (2).lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


Welcome to the forum, please follow these directions.

 

1) The junk will attract more; keep offline as much as possible until you are clean.

 

2) Follow the instructions in this link:

http://siri.geekstogo.com/SmitfraudFix.php

Thanks to S!Ri, and any others who helped with this fix.

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

 

Search:

Double-click smitfraudfix.cmd

Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

 

Save that report; I wish to see it. There is no doubt you have the infections, so move on to

 

Clean:

Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

Double-click smitfraudfix.cmd

Select 2 and hit Enter to delete infected files.

You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

 

and Optional:

To restore Trusted and Restricted site zone, select 3 and hit Enter.

You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

 

Note:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

 

Post the two reports from Smitfraudfix and a new HJT log. I will respond with directions as soon as possible after that.

Please use "New Reply" and do not quote or code, copy and paste all replies.

 

Thanks


Thank you for your help.

 

This is the original report before cleaning:

 

SmitFraudFix v2.122

 

Scan done at 11:44:20.53, Sat 11/18/2006

Run from C:\Program Files\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\cfltygd.dll FOUND !

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\issearch.exe FOUND !

C:\WINDOWS\system32\ixt?.dll FOUND !

C:\WINDOWS\system32\ixt??.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darryl

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darryl\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Darryl\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="http://pics.ebaystatic.com/aw/pics/s.gif"

"SubscribedURL"="http://pics.ebaystatic.com/aw/pics/s.gif"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

This is the report after cleaning process:

 

SmitFraudFix v2.122

 

Scan done at 12:03:51.15, Sat 11/18/2006

Run from C:\Program Files\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\cfltygd.dll Deleted

C:\WINDOWS\system32\ishost.exe Deleted

C:\WINDOWS\system32\ismini.exe Deleted

C:\WINDOWS\system32\issearch.exe Deleted

C:\WINDOWS\system32\ixt?.dll Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\WINDOWS\system32\components\flx?.dll Deleted

C:\WINDOWS\system32\components\flx??.dll Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

This is the HJT report:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:11:09 PM, on 11/18/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\HPBPRO.EXE

C:\Program Files\HiJack This\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - Global Startup: Wireless Configuration Utility (2).lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

Thanks again for your support

Edited by gen3sis!

Thanks for returning your information. One more nasty that did not go with the rest:

 

http://www.google.com/search?sourceid=navc...=winexy32%2edll

O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll

 

I also suggest you remove DAP from your computer, read this: http://www.greatis.com/appdata/u/d/dap.exe.htm

 

I would also like to run a good spyware tool to make sure nothing is hiding, if that works for you. Let's do this.

 

1) Please download ATF Cleaner by Atribune

http://www.atribune.org/content/view/25/2/

Save it to your Desktop. We will use this later.

 

2) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender, Click on Tools, General Settings.

Scroll down and uncheck Turn on real-time protection (recommended).

After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

 

3) How to use the Delete on Reboot tool

http://www.bleepingcomputer.com/tutorials/...l42.html#delreb

Start Hijackthis

Click on the Config button

Click on the Misc Tools button

Click on the button labeled Delete a file on reboot...

A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\SYSTEM32\winexy32.dll and click on it once, and then click on the Open button.

You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

 

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

 

(check and remove this advanced option if you did not set it)

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll

 

Close all programs but HJT and all browser windows, then click on "Fix Checked"

 

5) Follow the instructions exactly in this link. Make sure you delete or at least quarantine what is located and save the Report-Scan.txt to post for me.

http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/

Thanks to John McKenna for the tutorial

 

6) Run ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Click Select All found at the bottom of the list.

Click the Empty Selected button.

Click Exit on the Main menu to close the program.

 

Restart the computer and post the Report-Scan.txt from AVG AS and a new HJT log. Let me know how the computer is running now.

 

Thanks
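An added example, not part of the original posts and not code from HijackThis or SmitfraudFix: one way to reconcile a before and after HijackThis log against the SmitfraudFix "Deleted" list, which is how a leftover such as the winexy32 Winlogon Notify entry stands out. The log text is abridged from the logs in this thread; the function names, `REVIEW_CODES` and the same-directory heuristic are assumptions made for illustration.

```python
import fnmatch
import ntpath
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O20 - Winlogon Notify: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
REVIEW_CODES = {"O2", "O20"}   # assumption: BHO and Winlogon Notify, the load points seen in this thread

# Abridged from the logs posted in this thread (sample input for the example).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexy32 - C:\WINDOWS\SYSTEM32\winexy32.dll
"""
CLEANUP = r"""C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
"""


def parse_hjt(text):
    """Return (set of lower-cased running-process paths, list of (code, text) entries)."""
    processes, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def deleted_patterns(report):
    """Lower-cased file patterns from the report's '<path> Deleted' lines ('?' is a wildcard)."""
    suffix = " Deleted"
    return [line.strip()[:-len(suffix)].lower()
            for line in report.splitlines() if line.strip().endswith(suffix)]


def paths_in(text):
    """Lower-cased .exe/.dll paths mentioned in a log line."""
    return [p.lower() for p in PATH_RE.findall(text)]


def triage(before, after, cleanup_report):
    """Classify what vanished between two logs and list what still needs a manual look."""
    patterns = deleted_patterns(cleanup_report)
    cleaned_dirs = {ntpath.dirname(p) for p in patterns}
    procs_b, entries_b = parse_hjt(before)
    procs_a, entries_a = parse_hjt(after)
    after_keys = {(code, text.lower()) for code, text in entries_a}

    # Everything present before and absent after: entries first, then processes.
    gone = [f"{c} - {t}" for c, t in entries_b if (c, t.lower()) not in after_keys]
    gone += sorted(procs_b - procs_a)

    result = {"removed_explained": [], "removed_other": [], "review": []}
    for item in gone:
        # "Explained" means the cleanup report lists a matching deleted file.
        hit = any(fnmatch.fnmatchcase(path, pat)
                  for path in paths_in(item) for pat in patterns)
        result["removed_explained" if hit else "removed_other"].append(item)

    # Heuristic (assumption): a surviving load point whose file sits in a directory
    # the tool had to clean is worth looking up by hand. It is a candidate, not a verdict.
    for code, text in entries_a:
        if code in REVIEW_CODES and any(
                ntpath.dirname(p) in cleaned_dirs for p in paths_in(text)):
            result["review"].append(f"{code} - {text}")
    return result


if __name__ == "__main__":
    for bucket, items in triage(BEFORE, AFTER, CLEANUP).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The review bucket contains both WgaLogon and winexy32; telling them apart still takes the lookup done in the post above, since the heuristic only narrows the list.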


This is the AVG anti spyware report

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 5:43:10 PM 11/18/2006

 

+ Scan result:

 

 

 

HKU\S-1-5-21-1078081533-1801674531-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{A0BBA462-2178-42B5-A81E-BB4E139840CE}\RP223\A0068547.dll -> Downloader.Zlob.akg : Cleaned with backup (quarantined).

C:\Documents and Settings\Darryl\My Documents\Downloads\7f36af96fe8c2820836eaa8137b4998c_35.exe.dap -> Dropper.Small.aua : Cleaned with backup (quarantined).

C:\Documents and Settings\Darryl\Local Settings\Temporary Internet Files\Content.IE5\AUJG5NC1\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{A0BBA462-2178-42B5-A81E-BB4E139840CE}\RP237\A0070745.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Ignored.

C:\System Volume Information\_restore{A0BBA462-2178-42B5-A81E-BB4E139840CE}\RP223\A0068549.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Ignored.

C:\System Volume Information\_restore{A0BBA462-2178-42B5-A81E-BB4E139840CE}\RP240\A0070839.dll -> Trojan.Agent.neq : Cleaned with backup (quarantined).

C:\Documents and Settings\Darryl\Local Settings\Temporary Internet Files\Content.IE5\ULZWVHD4\antzom[1].exe -> Trojan.Agent.vg : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win9.tmp -> Trojan.Agent.vg : Cleaned with backup (quarantined).

 

 

::Report end

 

This is the HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 5:55:50 PM, on 11/18/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\HiJack This\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - Global Startup: Wireless Configuration Utility (2).lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

Thanks again for your support


Let me know how the computer is running now.

Looks clean, be nice to hear from you though, let's do this now.

 

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually. If you keep this free scanner, make sure you clean the quarantine folder; you put some junk in there.

 

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:

http://forums.spybot.info/showthread.php?t=279

http://russelltexas.com/malware/allclear.htm

http://forum.malwareremoval.com/viewtopic.php?t=14

http://www.bleepingcomputer.com/forums/topict2520.html

http://cybercoyote.org/security/not-admin.shtml

 

Thanks...pskelley

Trusted HJT Advisor

PCPitStop forum

http://pcpitstop.com/about/supportus.asp

If you are reading this information...thank a teacher,

If you are reading it in English...thank a soldier.
