NascarFan19

HJT Log


I had no clue my bleeping machine was so bad that it would take all these little proggies to fix it. You are both very patient, and very kind. :adios:

 

 

 

C:\WINDOWS\system32\mljjg.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\WinFlyer32.dll

C:\WINDOWS\system32\WinFlyer32.dll NOT unregistered.

C:\WINDOWS\system32\WinFlyer32.dll moved successfully.

C:\DOCUME~1\Cecil\APPLIC~1\.wyzo moved successfully.

File/Folder not found.

File/Folder not found.

 

Created on 04/10/2007 21:28:11


You ran into some nasty stuff! :(

 

I want you to delete the Combofix.exe that you downloaded earlier and replace it with a new copy

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

Also, let's make sure you don't have a bot in that mix.

 

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log and a fresh Combofix log


catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

 

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

"Cecil" - 07-04-11 23:28:20 Service Pack 2

ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Cecil\Desktop"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Cecil\Desktop.\internet explorer.lnk

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-03-11 to 2007-04-11 ))))))))))))))))))))))))))))))))))

 

 

2007-04-09 22:22 <DIR> d-------- C:\Program Files\IrfanView

2007-04-08 18:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-04-08 01:15 796 --a------ C:\WINDOWS\system32\tmp.reg

2007-04-08 01:14 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe

2007-04-08 01:14 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-04-08 01:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-04-08 01:14 40,960 --a------ C:\WINDOWS\system32\swsc.exe

2007-04-08 01:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-04-08 01:14 135,168 --a------ C:\WINDOWS\system32\swreg.exe

2007-04-07 20:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-04-07 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0

2007-04-07 16:04 <DIR> d-------- C:\a9de6da54b6c4e208c48

2007-04-07 15:16 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Xdrive

2007-04-06 23:33 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys

2007-04-06 23:30 <DIR> d-------- C:\Program Files\Common Files\Merge Modules

2007-04-06 23:29 55,808 --a------ C:\WINDOWS\system32\zlib1.dll

2007-04-06 23:29 <DIR> d-------- C:\Program Files\Xdrive

2007-04-06 23:29 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\InstallShield

2007-04-06 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-04-01 22:24 <DIR> d-------- C:\VundoFix Backups

2007-04-01 00:37 <DIR> d-------- C:\HJT Log

2007-03-27 23:16 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free

2007-03-27 23:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-03-27 23:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-03-27 21:16 0 --a------ C:\WINDOWS\system32\taskkill.exe

2007-03-25 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-03-25 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-03-16 20:00 <DIR> d-------- C:\e4d93996ebf690fc2a909c5a7c

2007-03-15 22:09 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys

2007-03-15 22:09 <DIR> d-------- C:\My Music

2007-03-15 22:08 <DIR> d-------- C:\Program Files\Real

2007-03-12 23:37 <DIR> d-------- C:\DOCUME~1\Cecil\APPLIC~1\Real

2007-03-12 23:32 <DIR> d-------- C:\My Downloads

2007-03-11 13:28 <DIR> dr------- C:\2006 Tax Returns

2007-03-11 12:24 <DIR> d-------- C:\help

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-10 21:33 -------- d-------- C:\Program Files\pcpitstop

2007-04-08 18:08 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-04-06 23:29 -------- d--h----- C:\Program Files\installshield installation information

2007-04-06 09:54 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\weatherbug

2007-04-05 21:34 -------- d-------- C:\Program Files\java

2007-03-31 22:00 -------- d-------- C:\Program Files\spywareblaster

2007-03-22 00:16 -------- d-------- C:\Program Files\partygaming.net

2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-15 22:09 -------- d-------- C:\Program Files\Common Files\real

2007-03-08 22:18 -------- d-------- C:\Program Files\wavman 11

2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-04 02:57 -------- d-------- C:\Program Files\nch swift sound

2007-03-04 02:57 -------- d-------- C:\DOCUME~1\Cecil\APPLIC~1\nch swift sound

2007-02-24 13:25 -------- d-------- C:\Program Files\eusing free registry cleaner

2007-02-17 13:21 -------- d-------- C:\Program Files\gimpshop

2007-02-11 20:13 -------- d-------- C:\Program Files\limewire

2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll

2007-01-14 19:55 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll

2007-01-14 19:55 118784 --a------ C:\WINDOWS\system32\pdfmona.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{4D7C8A39-430F-4091-B9BF-3173DFA06DA0}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=dword:00000000

"NoResolveSearch"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

C:\WINDOWS\tasks\Xdrive Backup - Backup Set 1.job

 

 

********************************************************************

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

********************************************************************

 

Completion time: 07-04-11 23:33:28

C:\ComboFix-quarantined-files.txt ... 07-04-11 23:33

C:\ComboFix2.txt ... 07-04-11 23:10

C:\ComboFix3.txt ... 07-04-08 19:27

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:34:24 PM, on 4/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HJT Log\Nascarfan.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe


:blushing: Errrrrah This be the one? :blushing::blushing:

 

 

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0


I knew that :laughing:

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Dang!! I did it again!! BRB :)

 

 

Hey....this IS the SDFix file. no?

Edited by NascarFan19


When I boot into Safe Mode, I execute the SDFix and run it. It then posts a report called Catchme something. I SWEAR I do. :blushing:

 

I wonder what the blazes I am doing wrong.


Calling NascarFan19....please return to your seat! :lol:

 

Let's don't worry about the SDfix. Update AVG-Antispyware. Re-scan following my earlier directions, post the log and a new HJT log.

 

Also let me know if you've had any problems in the last 48 hours.


Here I Is!! :P

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 3:29:54 AM 4/15/2007

 

+ Scan result:

 

 

 

Nothing found.

 

 

::Report end

 

Logfile of HijackThis v1.99.1

Scan saved at 10:32:35 AM, on 4/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT Log\HJT Log.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.pcpitstop.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

 

The AVG scan removed my wallpaper. Is it ok to put it back yet?


You appear to be clean.

 

Where did you get your wallpaper? This is the first I've heard of AVG-AS removing one.


It is a picture of my Granddaughter. It did the same thing on an earlier scan. It is easily put back up. No big deal. One of the instructions using the AVG Scan was to go to Display and click on Desktop....then Customize Desktop button...then click on Web tab. In there is where it took it off. Again, no problem adding it back now that I have a clean bill of health from Doc Jacee. :P

 

Also, everything seems to be fine now. Nothing popping up or acting weird. Are all cleansings as complicated as mine was? Seems like I have done HJTlogs before that were simpler. I must have had a few "meanies" on board.

 

Thank you very much for your devoted time and knowledge. You are an asset to the PIT!

 

Have one on me. :b33r:


Thank you :)

 

Please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

     

    See this link for a listing of some online & their stand-alone antivirus programs:

     

    Virus, Spyware, and Malware Protection and Removal Resources

     

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

     

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

     

    For a tutorial on Firewalls and a listing of some available ones see the link below:

     

    Understanding and Using Firewalls

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

     

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

     

    A tutorial on installing & using this product can be found here:

     

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

     

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

     

    A tutorial on installing & using this product can be found here:

     

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

     

    Using SpywareBlaster to protect your computer from Spyware and Malware

     

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

 

You will want to finish cleaning now by removing your restore points and starting fresh with them.

Please do this:

 

Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.
