BullGuard Antivirus Forum
Wtf i need major help now
   
Caspian
New Member


Date Joined Jun 2006
Total Posts : 18
 
Posted 7-5-2006 8:54 (GMT +1)
ok well i got infected yesterday and i don't think that i can send in my log or whatever
also it's very hard to access the internet or much of anything really
it's running REALLY slow
but i'm maintaining

I've got the bullguard trial right now

I've got some Adware and some trojans

a long time ago i restarted my computer and it froze up
and said fatal error
and restarted

after that it started fine
but ALL these pop-ups started showing up
like 50 at a time

and ever since then it's been slow and barely able to do anything

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13649

Posted 7-5-2006 9:05 (GMT +1)
Hey Caspian

If/when you are able to, please post a log file

1. Get newest Hijackthis from http://danborg.org/spy/hjt/alternativ.exe
Another name for Hijackthis exe

2. Install it in a PERMANENT folder! Example: c:\hijackthis\

3. Run hijackthis (alternativ).

Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post hijackthis log here

Regards - Touch
 
 
Please start your own thread by clicking the new topic button. Do NOT post your problem in someone else's thread.
Do not PM me with logfiles. They will be deleted.
 

Caspian
Posted 7-5-2006 9:36 (GMT +1)
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\WL0NC90F\alternativ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS1\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://delspysoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS1\system32\awtqq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS1\system32\mllmj.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
O2 - BHO: SDWin32 Class - {DC5BB0E4-280D-408B-9D78-67F771AC4ED3} - C:\WINDOWS1\System32\nnrxj.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer.exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/034ae9af1b03bee7b015/netzip/RdxIE601.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS1\system32\awtqq.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS1\SYSTEM32\mllmj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS1\SYSTEM32\WgaLogon.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe

Touch
Posted 7-5-2006 9:54 (GMT +1)
You've certainly got some infections ;-)

Please download the free trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html
Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.

Download and install: http://www.filehippo.com/download_ccleaner/
For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:
Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:
Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup

Go to Start - Control Panel - Add-Remove Programs
Remove the following if found or any variation:
WinAntiVirus Pro
Viewpoint Manager
Zango Toolbar

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot into Safe Mode by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.

Open CCleaner.
1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2. A pop up box will appear advising this process will permanently delete files from your system.
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section. If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users to log in.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.

Start Superantispyware/right-click on the black/yellow bug in the tray.
Hit the - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next
It will scan now. When the scan has finished, put a checkmark by all items it found. Next, after cleaning, let it reboot.

Next go to Start - Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
And Find:
superantispyware log

Post this log along with a fresh hijackthis log and tell how things are running

Regards - Touch

Caspian
Posted 7-5-2006 11:15 (GMT +1)
ok well

i did everything exactly as you said

but

i can't start up in normal mode

i'm in safe mode with networking right now so tell me what
i can do

Caspian
Posted 7-5-2006 11:23 (GMT +1)
here's my spyware
 
SUPERAntiSpyware Scan Log
Generated 07/05/2006 at 05:51 AM
Core Rules Database Version : 2847
Trace Rules Database Version: 1028
Memory threats detected   : 2
Registry threats detected : 99
File threats detected     : 71
Adware.Vundo Variant
 C:\WINDOWS1\SYSTEM32\AWTQQ.DLL
 C:\WINDOWS1\SYSTEM32\AWTQQ.DLL
 HKLM\Software\Classes\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}#AppID
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}\InprocServer32
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}\ProgID
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}\Programmable
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}\TypeLib
 HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}\VersionIndependentProgID
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
 Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtqq
 HKCR\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}
Unclassified.Unknown Origin
 C:\WINDOWS1\SYSTEM32\MLLMJ.DLL
 C:\WINDOWS1\SYSTEM32\MLLMJ.DLL
 HKLM\Software\Classes\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}
 HKCR\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}
 HKCR\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}\InprocServer32
 HKCR\CLSID\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}\InprocServer32#ThreadingModel
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADCD30FF-0119-4906-8A8B-D52D1EED044B}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ADCD30FF-0119-4906-8A8B-D52D1EED044B}
 Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mllmj
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088444.exe
 C:\WINDOWS1\system32\gebyw.dll
 C:\WINDOWS1\system32\vtsqq.dll
 C:\WINDOWS1\system32\vtutr.dll
Trojan.WinAntiSpyware/WinAntiVirus 2006
 HKLM\Software\Classes\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
 HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
 HKCR\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}\InprocServer32
 C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
 HKCR\WAP6.PCheck
 HKCR\WAP6.PCheck\CLSID
 HKCR\WAP6.PCheck\CurVer
 HKCR\WAP6.PCheck.1
 HKCR\WAP6.PCheck.1\CLSID
 HKCR\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\InprocServer32#ThreadingModel
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\ProgID
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\Programmable
 HKCR\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}\VersionIndependentProgID
 HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
 HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0
 HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0
 HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32
 HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS
 HKCR\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR
 HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}
 HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid
 HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\ProxyStubClsid32
 HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib
 HKCR\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123}\TypeLib#Version
 HKU\S-1-5-21-1659004503-1677128483-725345543-1003\Software\WinAntiVirus Pro 2006
 C:\WINDOWS1\system32\stera.job
 C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll
 C:\Program Files\Common Files\WinAntiVirus Pro 2006
 C:\Program Files\WinAntiVirus Pro 2006\alerts.txt
 C:\Program Files\WinAntiVirus Pro 2006
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\WinAntiVirus Pro 2006\Logs\update.log
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\WinAntiVirus Pro 2006\Logs
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\WinAntiVirus Pro 2006\PGE.dat
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\WinAntiVirus Pro 2006
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP361\A0095920.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP361\A0095932.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP361\A0096004.dll
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP361\A0096005.exe
Trojan.WinSoftware/WinFixer
 HKLM\Software\Classes\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
 HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
 HKCR\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}\InprocServer32
 C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
SWin32 Module BHO
 HKLM\Software\Classes\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}\InprocServer32
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}\InprocServer32#ThreadingModel
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}\ProgID
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}\Programmable
 HKCR\CLSID\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}\VersionIndependentProgID
 C:\WINDOWS1\System32\nnrxj.dll
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC5BB0E4-280D-408B-9D78-67F771AC4ED3}
Adware.Zango Toolbar
 HKLM\Software\Classes\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}#AppID
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\InprocServer32
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\InprocServer32#ThreadingModel
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\ProgID
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\Programmable
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\TypeLib
 HKCR\CLSID\{EA0D26BD-9029-431A-86E0-83152D67828A}\VersionIndependentProgID
 C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
 HKLM\Software\Microsoft\Internet Explorer\Toolbar#{EA0D26BD-9029-431A-86E0-83152D67828A}
 HKCR\ZangoToolbar.ZCToolBand.1
 HKCR\ZangoToolbar.ZCToolBand.1\CLSID
 HKCR\ZangoToolbar.ZCToolBand
 HKCR\ZangoToolbar.ZCToolBand\CLSID
 HKCR\ZangoToolbar.ZCToolBand\CurVer
 HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}
 HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0
 HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\0
 HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\0\win32
 HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\FLAGS
 HKCR\TypeLib\{01BF19C2-59D3-43E9-A2CC-C2D62D8878D3}\1.0\HELPDIR
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP352\A0086054.dll
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP358\A0090708.dll
Adware.180solutions/ZangoSearch
 HKLM\Software\Zango Programs
 HKLM\Software\Zango Programs\Zango Toolbar
 HKLM\Software\Zango Programs\Zango Toolbar#ToolbarMoved
 HKLM\Software\Zango Programs\Zango Toolbar#SearchURL
 HKLM\Software\Zango Programs\Zango Toolbar#UpdateDate
 HKLM\Software\Zango Programs\Zango Toolbar\History
 HKCR\AppId\ZangoToolbar.DLL
 HKCR\AppId\ZangoToolbar.DLL#AppID
 HKCR\AppId\{F1F040D5-E8F8-4680-B101-9334E9773841}
 HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}
 HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid
 HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid32
 HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib
 HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib#Version
Adware.SurfSideKick
 C:\Documents and Settings\TY.USER-MOEGC231VW\Application Data\Sskcwrd.dll
Adware.Adservs
 C:\WINDOWS1\system32\atmtd.dll._
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088336.dll
Trojan.NetMon/DNSChange
 C:\Program Files\Network Monitor
Adware.IEPlugin
 HKCR\Remove
Adware.ClickSpring/Yazzle
 C:\Program Files\Snowball Wars\License.txt
 C:\Program Files\Snowball Wars
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088347.exe
Adware.MyWay
 C:\Program Files\MyWay
Adware.Tracking Cookie
 C:\Documents and Settings\Ty\Cookies\ty@atwola[1].txt
 C:\Documents and Settings\Ty\Cookies\ty@clickfrom.buy[1].txt
 C:\Documents and Settings\Ty\Cookies\ty@hypertracker[1].txt
 C:\Documents and Settings\Ty\Cookies\ty@www2.undergroundlair[1].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@atwola[1].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@emarketmakers[1].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@exitexchange[2].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@metareward[1].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@offeroptimizer[2].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@rightmedia[1].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@stat.dealtime[2].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@ugl.adtrak[2].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@www.burstbeacon[1].txt
 C:\Documents and Settings\Ty\Local Settings\Temp\Cookies\ty@www2.undergroundlair[2].txt
Adware.180solutions/Search Assistant
 C:\Documents and Settings\TY.USER-MOEGC231VW\Desktop\struff\Setup.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP333\A0077782.dll
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP355\A0086260.exe
 C:\WINDOWS1\Downloaded Program Files\RCX6C.tmp
Adware.DelFin Project
 C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP355\A0088156.exe
Trojan.Downloader-Variant
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP355\A0088062.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP355\A0088134.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088173.exe
TargetSaver, Inc. Process
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP355\A0088157.exe
Trojan.Unknown Origin
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088320.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088330.exe
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088334.vbs
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088335.vbs
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088343.exe
 C:\WINDOWS1\Uninst2.htm
 C:\WINDOWS1\Unist1.htm
Trojan.TagASaurus
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088322.exe
Trojan.URLBrowserNew
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088340.exe
Trojan.ZQuest
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088342.dll
Adware.IWantSearchBar
 C:\System Volume Information\_restore{6FBCEAF5-0243-46D8-AD89-2C2EE752BBC9}\RP356\A0088354.dll
Adware.DealHelper
 C:\WINDOWS1\system32\dun.exe
 
and my hijack
 
Logfile of HijackThis v1.99.1
Scan saved at 8:22:06 AM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS1\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator.USER-MOEGC231VW.000\Local Settings\Temporary Internet Files\Content.IE5\RGXMYALX\alternativ[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://delspysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://delspysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\Userinit.exe
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS1\system32\awtqq.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/034ae9af1b03bee7b015/netzip/RdxIE601.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS1\system32\awtqq.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS1\SYSTEM32\WgaLogon.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13649
 
   Posted 7-5-2006 1:01 (GMT +1)
 
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called: Firewall service (FWSvc)
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://delspysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://delspysoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://delspysoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\Userinit.exe
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS1\system32\awtqq.dll
O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe" -nag
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O20 - Winlogon Notify: awtqq - C:\WINDOWS1\system32\awtqq.dll

 
 
 
 
 
 
by Swandog46 to your Desktop.
 
Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste all the text in the quote box below.
Quote:
Files to delete:
C:\WINDOWS1\system32\awtqq.dll
C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log
 
If You can't boot to normal mode, please tell why


Regards - Touch


Please start your own thread by clicking the new topic button. Do NOT post your problem in someone else's thread.
Do not PM me with logfiles. They will be deleted

 

Caspian
New Member


Date Joined Jun 2006
Total Posts : 18
 
   Posted 7-5-2006 4:38 (GMT +1)
//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////
Error:  could not create zip file.
Error code: 1813

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fvsrcrer
*******************
Script file located at: \??\C:\WINDOWS1\system32\qrntpigb.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS1\system32\awtqq.dll deleted successfully.

Could not open file C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe for deletion
Deletion of file C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe failed!
Could not process line:
C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe
Status: 0xc000003a

Completed script processing.
*******************
Finished!  Terminate.
 
 
there's the avenger
 
 
and my hijack
 
Logfile of HijackThis v1.99.1
Scan saved at 10:37:32 AM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS1\system32\notepad.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\Program Files\Intel\Intel(R) Active Monitor\iActvMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\JEOAWCD5\alternativ[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/034ae9af1b03bee7b015/netzip/RdxIE601.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS1\SYSTEM32\WgaLogon.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
 
 
I'm in normal mode right now
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13649
 
   Posted 7-5-2006 5:00 (GMT +1)
That's good news
 
 
 
 
Install and run it. In the address bar/box, copy the text below, in bold, then paste all the text and push the Go button:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 
Look in right pane for:
[NI.UWA6P_0001_N69M0303]
 
Right-click on it - Delete.

Reboot and post a fresh HijackThis log.


Regards - Touch

 

Caspian
New Member


Date Joined Jun 2006
Total Posts : 18
 
   Posted 7-5-2006 5:13 (GMT +1)
here's my hijack
 
Logfile of HijackThis v1.99.1
Scan saved at 11:12:31 AM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\JEOAWCD5\alternativ[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS1\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/034ae9af1b03bee7b015/netzip/RdxIE601.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS1\SYSTEM32\WgaLogon.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
 
 
 
 
my comp is running so much better :p
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13649
 
   Posted 7-5-2006 5:44 (GMT +1)
I am glad to hear that, and Your log looks clean to me


There is only a cosmetic thing You can fix with hijackthis:
O2 - BHO: (no name) - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - (no file)
 
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
 
To avoid going to a bad site you might want to install IE-SpyAd, SpywareBlaster and Spywareguard:
 
IE Spyad -> IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known ad/spy servers and domains to the "Restricted Zone" of Internet Explorer. Once IE-ADS.REG is "merged" into your Registry, most ad/spy servers will not be able to resort to the usual "tricks" (e.g., cookies, scripts, popups, etc.) that they use in order to track and monitor your behavior while you surf the Net.
 
SpywareBlaster  ->  Prevent the installation of ActiveX-based spyware, adware, browser hijackers,
dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
 
SpywareGuard  -> SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
 
 
Visit Microsoft and check for Critical Security Updates
Microsoft Update
 
Also make sure to run your antivirus software regularly, and to keep it up-to-date.






Regards - Touch
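The before/after comparison that the posts above do by eye on the HijackThis logs, as an added example that is not part of the original thread: it parses the numbered log entries, reports which ones the cleanup removed, and flags what is left over, such as the orphaned BHO entry. The sample lines are abridged from the logs posted in this thread; the function names and the two flag labels are this example's own.

```python
import re

# Abridged from the logs posted in this thread: entries before the cleanup
# and entries from the final log after it.
BEFORE = r"""
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS1\system32\awtqq.dll
O4 - HKLM\..\Run: [NI.UWA6P_0001_N69M0303] "C:\Documents and Settings\TY.USER-MOEGC231VW\Local Settings\Temporary Internet Files\Content.IE5\AZ4JJCDK\WinAntiVirusPro2006Installer[1].exe" -nag
O20 - Winlogon Notify: awtqq - C:\WINDOWS1\system32\awtqq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS1\SYSTEM32\WgaLogon.dll
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
"""
AFTER = r"""
C:\WINDOWS1\system32\winlogon.exe
O2 - BHO: (no name) - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS1\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - ...", "R0 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
STATUS = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


def entry_key(code, body):
    """Identity of an entry that stays stable when its target file changes."""
    m = CLSID.search(body)
    if m:  # BHOs, toolbars, buttons: section + entry type + CLSID
        return (code, body.split(":", 1)[0], m.group(0).upper())
    if code == "O4":  # autoruns: registry location + value name
        m = re.match(r"(.+?\[[^\]]+\])", body)
        if m:
            return (code, m.group(1))
    return (code, STATUS.sub("", body))


def parse(log):
    """Map entry key -> entry body; header and process lines are skipped."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[entry_key(*m.groups())] = m.group(2)
    return entries


def flags(body):
    """Things worth a second look in a single entry."""
    out = []
    if STATUS.search(body):
        out.append("orphaned")  # registry entry whose file is gone
    if "temporary internet files" in body.lower():
        out.append("runs-from-browser-cache")
    return out


def compare(before_log, after_log):
    before, after = parse(before_log), parse(after_log)
    return {
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted(k for k in before
                          if k in after and before[k] != after[k]),
        "remaining_flagged": {k: flags(b) for k, b in after.items() if flags(b)},
    }


if __name__ == "__main__":
    for section, value in compare(BEFORE, AFTER).items():
        print(section, value)
```
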
 

 

Caspian
New Member


Date Joined Jun 2006
Total Posts : 18
 
   Posted 7-5-2006 5:50 (GMT +1)
thank you so much
god i was up for two days with this crap

you've done so much

thanks
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13649
 
   Posted 7-7-2006 6:29 (GMT +1)
It was my pleasure to help You


Hope You've had a good sleep now ;-)


Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM a Moderator and we will reopen it for you.
 



Regards - Touch