Several issues: popups; spontaneous Explorer pages open to eBay or other commercial sites; all my emails show up as blank when I open them; computer is slowed up; computer closes with 60 seconds' notice with a message "services and controller app has encountered a problem" (then another message saying it will be closed by the NT authority in 50 secs); other problems.
Here is my AVG log (followed by my HijackThis log):
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:10:18 PM 4/3/2007
+ Scan result:
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP348\A0033327.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044701.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP364\A0052882.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044702.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044691.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044692.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP349\A0033359.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044700.sys -> Rootkit.Agent.dh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044697.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044693.exe -> Worm.Zhelatin.ce : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044694.exe -> Worm.Zhelatin.ce : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044695.exe -> Worm.Zhelatin.ce : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__a_d_i_r_k_a_._e_x_e_ -> Worm.Zhelatin.ce : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B07054B-0478-43FC-AADE-A408449A14C3}\RP361\A0044699.exe -> Worm.Zhelatin.cf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sca.exe -> Worm.Zhelatin.cg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smt.exe -> Worm.Zhelatin.cg : Cleaned with backup (quarantined).
::Report end
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:40:52 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ipwindows\ipwins.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6CAAFCFF-0D0D-7E90-DFA0-07121518D152} - C:\WINDOWS\system32\wvtetoi.dll
O2 - BHO: (no name) - {6E9A8865-44A0-1154-A34B-67E3389FFFC9} - C:\WINDOWS\system32\dhthkbei.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: 0 - {A3EC8848-59D5-41B4-CF82-DB69B8462960} - C:\Program Files\Internet Explorer\qucaw.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay11...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136866715612
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151131197821
O17 - HKLM\System\CCS\Services\Tcpip\..\{22977208-5E3F-4CEF-AE28-C78E5F2BB5EF}: NameServer = 85.255.116.94 85.255.112.88
O17 - HKLM\System\CS3\Services\Tcpip\..\{22977208-5E3F-4CEF-AE28-C78E5F2BB5EF}: NameServer = 85.255.116.94 85.255.112.88
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjre32 - winjre32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Edited by Mike H, 04 April 2007 - 01:45 AM.