WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Avg Picked Up An Unwanted Programme
Started by
rob_dav
, Jun 15 2007 03:02 PM
-
This topic is locked
10 replies to this topic
#1
rob_dav
-
- New Member
-
- 5 posts
New Member
Posted 15 June 2007 - 03:02 PM
Register to Remove
#2
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 16 June 2007 - 02:04 PM
Hello and Welcome to the forum.
I suggest you do this:
Download ComboFix from Here or Here to your Desktop.
I suggest you do this:
Download ComboFix from Here or Here to your Desktop.
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you, combofix.txt.Post that log and a HiJackthis log in your next reply
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to 
for the help you received.
Proud graduate of TC/WTT Classroom
#3
rob_dav
-
- New Member
-
- 5 posts
New Member
Posted 17 June 2007 - 11:07 AM
Thanks for the reply! Not to sure if my pc is actually infected but want to make sure!
My combofix log file is as follows:
ComboFix 07-06-17 - C:\Documents and Settings\Robert\Desktop\ComboFix.exe
"Robert" - 2007-06-17 17:59:34 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))
2007-06-17 17:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 17:41 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-17 17:38 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-17 17:37 <DIR> d-------- C:\Program Files\MSBuild
2007-06-17 17:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-17 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-17 00:30 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Ahead
2007-06-17 00:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-17 00:28 <DIR> d-------- C:\Program Files\Nero
2007-06-17 00:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-17 00:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-17 00:26 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-06-15 19:48 <DIR> d-------- C:\Program Files\Common Files\Nova Development
2007-06-15 19:48 <DIR> d-------- C:\Program Files\Art Explosion
2007-06-15 19:45 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-15 19:41 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9821.sys
2007-06-15 19:41 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-14 14:43 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\BitTorrent
2007-06-14 14:42 <DIR> d-------- C:\Program Files\BitTorrent
2007-06-08 00:44 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-07 22:56 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Nokia Multimedia Player
2007-06-06 23:38 <DIR> d-------- C:\Program Files\DivX
2007-06-03 23:20 991,232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-06-03 23:20 332,288 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-06-03 23:20 294,912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-03 23:20 282,624 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-06-03 23:20 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-06-03 23:20 2,564,096 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-06-03 23:20 2,260,992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-03 23:20 196,608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-03 23:20 194,048 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-03 23:20 139,264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-03 23:20 126,464 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-03 23:20 106,496 --a------ C:\WINDOWS\system32\NCTVideoCoreU.dll
2007-06-03 23:20 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-06-03 23:20 1,810,432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-03 23:20 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-06-03 22:46 <DIR> d-------- C:\DOCUME~1\Robert\Phone Browser
2007-06-03 22:43 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Nokia
2007-06-03 22:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-03 22:42 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-03 22:42 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-03 22:42 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-03 22:42 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-03 22:42 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-03 22:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 22:42 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-06-03 22:42 <DIR> d-------- C:\Program Files\DIFX
2007-06-03 22:42 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-06-03 22:42 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-06-03 22:42 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\PC Suite
2007-06-03 22:41 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-06-03 22:41 <DIR> d-------- C:\Program Files\Nokia
2007-06-03 22:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-06-03 21:54 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-06-01 23:21 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-06-01 20:58 <DIR> d-------- C:\Program Files\Tanagra
2007-06-01 20:58 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Tanagra
2007-06-01 20:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tanagra
2007-06-01 20:57 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-06-01 20:56 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-01 20:41 <DIR> d--hs---- C:\RECYCLER
2007-06-01 13:22 <DIR> d-------- C:\Program Files\Gabest
2007-06-01 13:22 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-05-31 23:41 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\InterVideo
2007-05-31 23:39 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-05-31 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
2007-05-31 23:38 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-05-31 23:37 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-05-31 23:37 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-05-31 23:37 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-05-31 23:37 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-05-31 23:37 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-05-31 23:37 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-05-31 23:37 <DIR> d-------- C:\Program Files\InterVideo
2007-05-31 23:29 <DIR> d-------- C:\My Video
2007-05-31 23:27 1 --a------ C:\WINDOWS\system32\SysDVDtoAVI.dat
2007-05-31 20:50 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Comodo
2007-05-31 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-05-31 20:48 <DIR> d-------- C:\Program Files\iTunes
2007-05-31 20:48 <DIR> d-------- C:\Program Files\iPod
2007-05-31 20:48 <DIR> d-------- C:\Program Files\Comodo
2007-05-31 20:48 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Apple Computer
2007-05-31 20:47 <DIR> d-------- C:\Program Files\QuickTime
2007-05-31 20:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-31 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-31 20:35 <DIR> d-------- C:\Program Files\LimeWire
2007-05-31 20:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-31 20:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-31 20:20 <DIR> dr-h----- C:\MSOCache
2007-05-31 20:18 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-31 20:18 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-31 19:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-31 18:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-31 18:56 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-05-31 18:56 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-31 18:56 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-05-31 18:56 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-05-31 18:55 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-31 18:55 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-16 17:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 17:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 08:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 08:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 15:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 20:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-13 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 08:58 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 11:39 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 04:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-01 09:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-31 20:48]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-05-13 00:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 00:11]
"WhenUSave"="C:\Program Files\Save\Save.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9205385a-1b70-11dc-9497-0016ec188b8a}]
AutoRun\command- E:\Setup.exe
Contents of the 'Scheduled Tasks' folder
2007-05-31 19:47:45 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 18:01:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-17 18:02:06
--- E O F ---
and my hijackthis log is:
Logfile of HijackThis v1.99.1
Scan saved at 18:04:53, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
My combofix log file is as follows:
ComboFix 07-06-17 - C:\Documents and Settings\Robert\Desktop\ComboFix.exe
"Robert" - 2007-06-17 17:59:34 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))
2007-06-17 17:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 17:41 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-17 17:38 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-17 17:37 <DIR> d-------- C:\Program Files\MSBuild
2007-06-17 17:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-17 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-17 00:30 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Ahead
2007-06-17 00:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-17 00:28 <DIR> d-------- C:\Program Files\Nero
2007-06-17 00:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-17 00:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-17 00:26 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-06-15 19:48 <DIR> d-------- C:\Program Files\Common Files\Nova Development
2007-06-15 19:48 <DIR> d-------- C:\Program Files\Art Explosion
2007-06-15 19:45 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-06-15 19:41 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9821.sys
2007-06-15 19:41 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-14 14:43 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\BitTorrent
2007-06-14 14:42 <DIR> d-------- C:\Program Files\BitTorrent
2007-06-08 00:44 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-07 22:56 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Nokia Multimedia Player
2007-06-06 23:38 <DIR> d-------- C:\Program Files\DivX
2007-06-03 23:20 991,232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-06-03 23:20 332,288 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-06-03 23:20 294,912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-03 23:20 282,624 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-06-03 23:20 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-06-03 23:20 2,564,096 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-06-03 23:20 2,260,992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-03 23:20 196,608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-03 23:20 194,048 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-03 23:20 139,264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-03 23:20 126,464 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-03 23:20 106,496 --a------ C:\WINDOWS\system32\NCTVideoCoreU.dll
2007-06-03 23:20 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-06-03 23:20 1,810,432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-03 23:20 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-06-03 22:46 <DIR> d-------- C:\DOCUME~1\Robert\Phone Browser
2007-06-03 22:43 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Nokia
2007-06-03 22:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-03 22:42 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-03 22:42 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-03 22:42 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-03 22:42 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-03 22:42 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-03 22:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 22:42 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-06-03 22:42 <DIR> d-------- C:\Program Files\DIFX
2007-06-03 22:42 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-06-03 22:42 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-06-03 22:42 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\PC Suite
2007-06-03 22:41 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-06-03 22:41 <DIR> d-------- C:\Program Files\Nokia
2007-06-03 22:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-06-03 21:54 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-06-01 23:21 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-06-01 20:58 <DIR> d-------- C:\Program Files\Tanagra
2007-06-01 20:58 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Tanagra
2007-06-01 20:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tanagra
2007-06-01 20:57 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-06-01 20:56 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-01 20:41 <DIR> d--hs---- C:\RECYCLER
2007-06-01 13:22 <DIR> d-------- C:\Program Files\Gabest
2007-06-01 13:22 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-05-31 23:41 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\InterVideo
2007-05-31 23:39 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-05-31 23:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
2007-05-31 23:38 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-05-31 23:37 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-05-31 23:37 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-05-31 23:37 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-05-31 23:37 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-05-31 23:37 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-05-31 23:37 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-05-31 23:37 <DIR> d-------- C:\Program Files\InterVideo
2007-05-31 23:29 <DIR> d-------- C:\My Video
2007-05-31 23:27 1 --a------ C:\WINDOWS\system32\SysDVDtoAVI.dat
2007-05-31 20:50 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Comodo
2007-05-31 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-05-31 20:48 <DIR> d-------- C:\Program Files\iTunes
2007-05-31 20:48 <DIR> d-------- C:\Program Files\iPod
2007-05-31 20:48 <DIR> d-------- C:\Program Files\Comodo
2007-05-31 20:48 <DIR> d-------- C:\DOCUME~1\Robert\APPLIC~1\Apple Computer
2007-05-31 20:47 <DIR> d-------- C:\Program Files\QuickTime
2007-05-31 20:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-31 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-31 20:35 <DIR> d-------- C:\Program Files\LimeWire
2007-05-31 20:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-31 20:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-31 20:20 <DIR> dr-h----- C:\MSOCache
2007-05-31 20:18 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-31 20:18 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-31 19:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-31 18:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-31 18:56 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-05-31 18:56 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-31 18:56 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-05-31 18:56 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-05-31 18:55 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-31 18:55 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-16 17:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 17:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 08:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 08:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 15:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 20:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-13 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 08:58 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 11:39 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 04:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-01 09:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-31 20:48]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-05-13 00:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-02 00:11]
"WhenUSave"="C:\Program Files\Save\Save.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9205385a-1b70-11dc-9497-0016ec188b8a}]
AutoRun\command- E:\Setup.exe
Contents of the 'Scheduled Tasks' folder
2007-05-31 19:47:45 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 18:01:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-17 18:02:06
--- E O F ---
and my hijackthis log is:
Logfile of HijackThis v1.99.1
Scan saved at 18:04:53, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
#4
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 June 2007 - 12:11 PM
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)
It's normal after running ATF cleaner that the PC will be slower to boot the first time.
Next:
Download AVG Anti-Spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)
It's normal after running ATF cleaner that the PC will be slower to boot the first time.
Next:
Download AVG Anti-Spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop
and double-click it to launch the set up program. - Once the setup is complete you will need run ewido and update the definition
files. - On the main screen select the icon "Update" then select the "
Update now" link.- Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
- Next select the "Start Update" button, the update will start and a
- Once the update has completed select the "Scanner" icon at the top of
the screen, then select the "Settings" tab. - Once in the Settings screen click on "Recommended actions" and then
select " "Quarantine" .". - Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Reboot your computer into SafeMode
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or
programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
- Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab
then click on "Complete System Scan". - ewido will now begin the scanning process, be patient this may take a little
time.
Once the scan is complete do the following: - If you have any infections you will prompted, then select "Apply all
actions" - Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the
screen and save it to a text file on your system (make sure to remember where
you saved that file, this is important). - Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the
results of the AVG Anti-Spyware report scan along with a new HijackThis log.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#5
rob_dav
-
- New Member
-
- 5 posts
New Member
Posted 17 June 2007 - 04:03 PM
Thanks! Ive done all that. But avg wouldnt save a report, should i try it again?
It said it found a virtumonde and a downloader but couldnt quartine them due to being embedded in the restore files.
My hijack this log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 23:00:45, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
It said it found a virtumonde and a downloader but couldnt quartine them due to being embedded in the restore files.
My hijack this log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 23:00:45, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
#6
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 June 2007 - 04:10 PM
We'll get rid of the bad ones in restore files later 
Please do not delete anything unless instructed to.
1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove if listed:
WhenUSave
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these File if listed:
C:\Program Files\Save\Save.exe
Delete these Folder if listed:
C:\Program Files\Save
Empty Recycle Bin
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
Please do not delete anything unless instructed to.
1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove if listed:
WhenUSave
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these File if listed:
C:\Program Files\Save\Save.exe
Delete these Folder if listed:
C:\Program Files\Save
Empty Recycle Bin
Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#7
rob_dav
-
- New Member
-
- 5 posts
New Member
Posted 17 June 2007 - 05:20 PM
The log file:
Logfile of HijackThis v1.99.1
Scan saved at 00:18:22, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
My computer is running slower than usual, however my firewall is logging many high severity events compared to 0 before all this.
Logfile of HijackThis v1.99.1
Scan saved at 00:18:22, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
My computer is running slower than usual, however my firewall is logging many high severity events compared to 0 before all this.
#8
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 June 2007 - 05:37 PM
You need to update SunJava.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.
Sun Java Test
http://www.java.com/...d/installed.jsp
Then do this and let me know how it's running.
You can remove any programs / Tools I had you install. Use Add/Remove Programs to remove if listed there otherwise just delete them and empty recycle bin.
You need to create a new Clean restore point.
Note: This will remove all previous Restore Points
Turn off System Restore:
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer, turn it back on.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.
- Scroll down to where it says Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the
icon next to it.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on 6-windowsi586-p.exe to install the newest version.
Sun Java Test
http://www.java.com/...d/installed.jsp
Then do this and let me know how it's running.
You can remove any programs / Tools I had you install. Use Add/Remove Programs to remove if listed there otherwise just delete them and empty recycle bin.
You need to create a new Clean restore point.
Note: This will remove all previous Restore Points
Turn off System Restore:
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer, turn it back on.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#9
rob_dav
-
- New Member
-
- 5 posts
New Member
Posted 17 June 2007 - 06:09 PM
All seems well do you require another hijack log file?
Thank you for your help!
do you require another hijack log file?
Thank you for your help!
#10
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 June 2007 - 06:23 PM
Nope, you're ready to go
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#11
LDTate
-
- Root Admin
-
- 57,211 posts
Grand Poobah
Posted 17 June 2007 - 06:24 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
