
Thread: Help with viruses please!

  1. #21
    Junior Member
    Join Date
    Oct 2007
    Posts
    18

    New Logs

    Ok, I was able to download Dr Web Cureit. Here are the two logs you requested:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:28:59 PM, on 20/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe
    C:\WINDOWS\system32\WgaTray.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Cybolsky\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...nSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...ls/en/x86/client/wuweb_site.cab?1119074375655
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...rols/en/x86/client/muweb_site.cab?1186504357359
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6722 bytes

    Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
    Process.exe;C:\WINDOWS\system32;Tool.Prockill;;

  2. #22
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hello

    Ok yes delete the SweetIMBarForIE folder.

    OK, so you can't use FTP for DrWeb... We'll use this scanner instead.

    Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!
    • Follow the instructions here for installation.
    • Accept the License Agreement.
    • Once the ActiveX installs, click Full System Scan.
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and copy and paste the entire report in your next reply, along with a fresh HijackThis log.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #23
    Junior Member
    Join Date
    Oct 2007
    Posts
    18

    Dr. Web and HJT Log

    Hi again. I was able to download Dr. Web. Here is that log and a new HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:40:11 PM, on 21/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Extra Account\Desktop\drweb-cureit.exe
    C:\DOCUME~1\EXTRAA~1\LOCALS~1\Temp\RarSFX0\_start.exe
    C:\DOCUME~1\EXTRAA~1\LOCALS~1\Temp\RarSFX0\setup.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Cybolsky\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...nSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...ls/en/x86/client/wuweb_site.cab?1119074375655
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...rols/en/x86/client/muweb_site.cab?1186504357359
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7015 bytes

  4. #24
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi again, only a few leftovers. How is the computer running?

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    ==================

    First, you need to disable a few real-time protections. These may interfere with our cleaning process.
    We'll enable these when you're clean...

    Disable Windows Defender's real-time protection.
    • Open Windows Defender
    • Click on "Tools"
    • Click on "General Settings"
    • Scroll down to "Real-time protection options"
    • Uncheck "Turn on Real-time protection (recommended)"
    • Click "Save"
    • Exit the program.


    Disable Spybot S&D Teatimer.
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer



    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe


    Restart your computer

    Post a fresh HijackThis log here
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
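
    One way to confirm from a before/after pair of HijackThis logs that the two entries flagged in the post above are gone, as an added example that is not part of the original thread. It rejoins entries that a forum paste has hard-wrapped across lines before comparing; the log excerpts are shortened from the logs posted in this thread, and the function names are this example's own.

```python
import re

# HijackThis item lines start with a section code: "R0 - ", "O4 - ", "O23 - ", ...
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def unwrap_entries(log_text):
    """Return the log's item lines, with hard-wrapped fragments rejoined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue                    # blank lines left between wrapped fragments
        if ENTRY_RE.match(line):
            entries.append(line)        # a new item starts here
        elif line == "--":
            break                       # log trailer: nothing after it is an item
        elif entries:
            entries[-1] += " " + line   # continuation of the previous item
        # anything before the first item (header, process list) is ignored
    return entries


def key(entry):
    """Comparison key: whitespace-free and lower-case, so a wrap in the middle of
    a path or URL, or a difference in letter case, does not hide a match."""
    return re.sub(r"\s+", "", entry).lower()


def still_present(log_text, targets):
    """Targets (entries a helper asked to fix) that the log still contains."""
    present = {key(e) for e in unwrap_entries(log_text)}
    return [t for t in targets if key(t) in present]


def removed_between(before_text, after_text):
    """Items found in the earlier log but not in the later one."""
    after = {key(e) for e in unwrap_entries(after_text)}
    return [e for e in unwrap_entries(before_text) if key(e) not in after]


# The two entries listed in the fix instructions above.
FLAGGED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = "
    r"http://search.bearshare.com/sidebar.html?src=ssb",
    r"O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe",
]

# Constructed excerpt of the 21/10/2007 log, hard-wrapped the way a forum paste wraps it.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:11 PM, on 21/10/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://login.live.com/login.srf?id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program

Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

--
"""

# Constructed excerpt of the 22/10/2007 log, taken after "Fix checked" and a restart.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:24 PM, on 22/10/2007

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://login.live.com/login.srf?id=2
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program

Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

--
"""

if __name__ == "__main__":
    print("still present before fix:", still_present(BEFORE_LOG, FLAGGED))
    print("still present after fix: ", still_present(AFTER_LOG, FLAGGED))
    for entry in removed_between(BEFORE_LOG, AFTER_LOG):
        print("removed:", entry)
```

    An empty result from `still_present` on the later log only shows the entries are no longer listed; it says nothing about files left on disk.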

  5. #25
    Junior Member
    Join Date
    Oct 2007
    Posts
    18

    Spybot Resident Teatimer

    Hello. I'm having trouble unchecking the Resident Teatimer box. I click to uncheck it, but am not getting any OK prompts and so when I close Spybot and then open it again to check, Teatimer is still on.
    How can we fix this? Thanks.

  6. #26
    Junior Member
    Join Date
    Oct 2007
    Posts
    18

    New HJT Log

    You can disregard that last post, I figured it out. I was unchecking the Teatimer box, and then pressing the X to close the program, which wasn't working. Then I tried unchecking Teatimer and doing File - Exit, and it stuck.
    Whew!
    Here's my new HJT Log. I think we are making progress.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:57:24 PM, on 22/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe
    C:\WINDOWS\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Cybolsky\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...nSSWebAgent.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...ls/en/x86/client/wuweb_site.cab?1119074375655
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...rols/en/x86/client/muweb_site.cab?1186504357359
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 6513 bytes
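
Added example (not part of the original post and not HijackThis's own code): pasted HijackThis logs are often hard-wrapped, so this Python example rejoins wrapped fragments into whole entries, counts entries per section code, and lists the entries carrying the `(file missing)` or `Unknown owner` markers for manual review. The sample log is constructed, and joining a split URL without a space is a heuristic assumption.

```python
import re
from collections import Counter

# HijackThis entries start with a section code such as "R0 - " or "O23 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Constructed sample: entries in the hard-wrapped shape forum pastes take.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://login.live.com/login.srf?id=2
O4 - HKLM\..\Run: [ExampleApp] "C:\Program
Files\ExampleApp\example.exe" -hide
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000001} -
C:\Program Files\Example\ex.dll (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) -

http://downloads.example.com/controls/exam
ple.cab
O23 - Service: Example Poller - Unknown owner -
C:\WINDOWS\system32\example.exe
"""

def unwrap_entries(text):
    """Rejoin wrapped fragments into one string per log entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":  # footer separator: nothing after it is an entry
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # Heuristic (assumption): a fragment following an unfinished URL
            # was split mid-token, so it is joined without a space.
            in_url = entries[-1].split()[-1].startswith(("http://", "https://"))
            entries[-1] += ("" if in_url else " ") + line
    return entries

def triage(text):
    """Return (entries, per-section counts, entries for manual review)."""
    entries = unwrap_entries(text)
    sections = Counter(ENTRY_START.match(e).group(1) for e in entries)
    # Markers HijackThis prints itself; they prompt a look, they are not verdicts.
    review = [e for e in entries
              if "(file missing)" in e or "Unknown owner" in e]
    return entries, sections, review
```

Header and "Running processes" lines are skipped because they appear before the first section-coded entry.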

  7. #27
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Looking clean. How is the pc running?

  8. #28
    Junior Member
    Join Date
    Oct 2007
    Posts
    18

    Default Update

    The PC seems to be running good. Am I really all done? You are amazing! I am so grateful! Thank you, thank you.
    If I may ask a question, what should I have installed on my computer, SpyBot of course, but what else? AVG, AdAware, what about Windows Defender? What would give me good overall protection? Thanks.

  9. #29
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Hi

    Yes looks clean.

    You don't seem to have a third-party firewall installed. You must install one firewall.
    It is possible that you're using the Windows XP firewall. That is of course better than nothing, but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

    These are good (free) firewalls:
    Hi again, it is looking clean now

    You can remove the tools we used.

    Then you should update your Java to the latest version (6u3)
    • Start
    • Control Panel
    • Add/Remove Programs
    • Delete the old Java,
      Java 2 Runtime Environment, SE v1.4.2
    • Download the latest version of Java Runtime Environment (JRE) 6u3.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Install it

    Now you can make your hidden files hidden again.
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Check "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    =============

    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:


    Stay clean and be safe

  10. #30
    Junior Member
    Join Date
    Oct 2007
    Posts
    18

    Talking Thank you!

    Again, I can't thank you enough. Your patience and clear instructions were invaluable. This is definitely the most amazing forum I have ever had the privilege of being a part of. I am so envious of your knowledge.
    Best wishes.
