View Full Version : Browser Hijacking - AdAware unable to remove corrupted .dll files
ampoliros
2007-03-16, 05:06
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:07:03 PM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\World of Warcraft\Launcher.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\?icrosoft\?explore.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\!update.exe
C:\DOCUME~1\Ryan\MYDOCU~1\PPPATC~1\rundll.exe
C:\Documents and Settings\Ryan\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {2CFE089A-6794-4B86-15B6-74FBCE862CB7} - C:\Program Files\MSN\quhacemy.dll
O2 - BHO: (no name) - {3ACFBCE5-5577-2BF1-7712-0FB26B6584C8} - C:\WINDOWS\system32\npiu.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\Documents and Settings\Ryan\Desktop\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sys016913846451] C:\WINDOWS\sys016913846451.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [AAW] "D:\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Teuu] "C:\DOCUME~1\Ryan\MYDOCU~1\PPPATC~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [Vjyzf] "C:\Program Files\?icrosoft\?explore.exe" 99001396
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Policies\Explorer\Run: [{64D07B45-0AE9-1033-0517-040504130001}] "C:\Program Files\Common Files\{64D07B45-0AE9-1033-0517-040504130001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{64D07B45-0AE9-1033-0517-040504130001}] "C:\Program Files\Common Files\{64D07B45-0AE9-1033-0517-040504130001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{64D07B45-0AE9-1033-0517-040504130001}] "C:\Program Files\Common Files\{64D07B45-0AE9-1033-0517-040504130001}\Update.exe" mc-110-12-0000140 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170491139309
O20 - AppInit_DLLs: dxclib303562752.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN\rteqeqagi.html
--
End of file - 7082 bytes
teacup61
2007-03-18, 05:33
Hello ampoliros,
Welcome to Safer Networking Forums :)
OUCH! :oops: Where is your Anti Virus? :spider:
Before beginning, you may want to save these instructions to Notepad or print them out for easier reference.
No Antivirus software or a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them!!
AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus. Some good free firewalls are Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm), ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za), or Outpost (http://www.agnitum.com/products/outpostfree/download.php)
A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!
When you've done this, run a full system scan.
===============================
I suggest you remove NewDotNet unless you deliberately installed it. It is extremely dubious and commercially sponsored:
First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:
· If you lose internet access, from a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_90.exe.
· Download and save uninstall6_90.exe to the Desktop.
· Go to the Desktop and double-click on uninstall6_90.exe
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot even if not prompted.
===============================
Navigate to C:\Program Files\MSN
Delete the following file in bold:
rteqeqagi.html
Then go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").
Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.
===============================
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Thanks,
tea
This topic has been archived due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
ampoliros
2007-03-28, 04:48
I posted before with an issue, but I honestly forgot to check the response. The thread has been closed and my system had Zone Alarm and AVG installed, so I figured I should just post a new log. I also have Hijackthis, Spybot - Search & Destroy, and Adaware installed. I ran AVG and Adaware before running Hijack this and also used Windows Update. I'm also subscribed to the topic this time, so I won't forget again. I would appreciate any help you can give me.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:46:45 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CFE089A-6794-4B86-15B6-74FBCE862CB7} - C:\Program Files\MSN\quhacemy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\Documents and Settings\Ryan\Desktop\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{64D07B45-0AE9-1033-0517-040504130001}] "C:\Program Files\Common Files\{64D07B45-0AE9-1033-0517-040504130001}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{64D07B45-0AE9-1033-0517-040504130001}] "C:\Program Files\Common Files\{64D07B45-0AE9-1033-0517-040504130001}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{64D07B45-0AE9-1033-0517-040504130001}] "C:\Program Files\Common Files\{64D07B45-0AE9-1033-0517-040504130001}\Update.exe" mc-110-12-0000137 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170491139309
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7038 bytes
Angelfire777
2007-04-01, 19:41
Please work with teacup61 until you finish this and it is good that you have decided to subscribe to this thread so you will not lose tea again.
AF777
ampoliros
2007-04-01, 22:14
"Ryan" - 07-04-01 15:08:32 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Ryan\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1396OinAdmin.exe
C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe
C:\WINDOWS\b.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\bund1\2new.exe
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\mac.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\bund1\Yzz.exe
C:\WINDOWS\system32\bund1\zq.exe
C:\Program Files\Common Files\{34D07~1\UnInstall.exe
C:\Program Files\Common Files\{64D07~1\system.dll
C:\Program Files\Common Files\{64D07~1\Update.exe
C:\Program Files\Common Files\{64D07~2\system.dll
C:\Program Files\inetget2
C:\Program Files\outlook
C:\WINDOWS\system32\bund1
C:\Program Files\Common Files\{34D07~1
C:\Program Files\Common Files\{64D07~2
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\{64D07~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Ryan
C:\qoobox\purity\DOCUME~1\Ryan\MYDOCU~1
C:\qoobox\purity\DOCUME~1\Ryan\MYDOCU~1\CROSOF~1
C:\qoobox\purity\DOCUME~1\Ryan\MYDOCU~1\from.txt
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1\dllhost.exe
((((((((((((((((((((((((((((((( Files Created from 2007-03-01 to 2007-04-01 ))))))))))))))))))))))))))))))))))
2007-03-29 10:32 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-03-27 21:18 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Help
2007-03-27 20:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-03-27 20:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-03-27 20:26 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-16 01:23 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-03-16 01:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-16 01:23 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-16 01:23 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-16 01:23 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-16 01:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-03-16 01:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-03-16 00:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-03-16 00:41 <DIR> d-------- C:\Program Files\Yahoo!
2007-03-16 00:41 <DIR> d-------- C:\Program Files\CCleaner
2007-03-16 00:28 1,536 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-16 00:24 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-16 00:24 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-16 00:24 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-16 00:24 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-16 00:24 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-16 00:24 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-15 23:45 <DIR> d-------- C:\VundoFix Backups
2007-03-15 23:41 <DIR> d-------- C:\WINDOWS\quqk
2007-03-15 23:41 <DIR> d-------- C:\Program Files\Common Files\quqk
2007-03-15 23:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-15 22:40 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-15 22:26 <DIR> d--hs---- C:\WINDOWS\UnlhbiBLYXJzY2huZXI
2007-03-15 22:24 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-11 16:02 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Viewpoint
2007-03-08 20:07 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Apple Computer
2007-03-08 20:06 <DIR> d-------- C:\Program Files\QuickTime
2007-03-08 20:06 <DIR> d-------- C:\Program Files\iTunes
2007-03-08 20:06 <DIR> d-------- C:\Program Files\iPod
2007-03-08 20:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-07 11:52 154 --a------ C:\DOCUME~1\Ryan\APPLIC~1\wklnhst.dat
2007-03-07 11:52 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\Template
2007-03-07 11:48 <DIR> d-------- C:\Program Files\Microsoft Works
2007-03-07 00:14 <DIR> d-------- C:\Program Files\uTorrent
2007-03-07 00:14 <DIR> d-------- C:\DOCUME~1\Ryan\APPLIC~1\uTorrent
2007-03-06 23:46 <DIR> d-------- C:\Program Files\Practice Exam Package
2007-03-02 15:59 53,248 --a------ C:\WINDOWS\uni_eh10.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-16 01:19 -------- d-------- C:\Program Files\messenger
2007-03-03 14:18 -------- d-------- C:\Program Files\java
2007-03-01 23:44 -------- d-------- C:\DOCUME~1\Ryan\APPLIC~1\limewire
2007-02-28 02:24 -------- d-------- C:\Program Files\sonic
2007-02-28 02:24 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-02-27 17:21 -------- d-------- C:\DOCUME~1\Ryan\APPLIC~1\real
2007-02-27 17:19 1338 --a------ C:\WINDOWS\mozver.dat
2007-02-27 17:18 -------- d-------- C:\Program Files\real
2007-02-27 17:18 -------- d-------- C:\Program Files\Common Files\xing shared
2007-02-27 17:18 -------- d-------- C:\Program Files\Common Files\real
2007-02-21 04:27 -------- d-------- C:\DOCUME~1\Ryan\APPLIC~1\sun
2007-02-16 21:29 -------- d-------- C:\DOCUME~1\Ryan\APPLIC~1\ventrilo
2007-02-16 21:27 -------- d-------- C:\Program Files\ventrilo
2007-02-16 21:26 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-02-12 21:05 -------- d-------- C:\Program Files\conexant
2007-02-09 02:10 -------- d--h----- C:\Program Files\installshield installation information
2007-02-09 02:09 -------- d-------- C:\Program Files\netgear wg311v2 adapter
2007-02-05 00:11 -------- d-------- C:\Program Files\ati technologies
2007-02-04 16:49 -------- d-------- C:\DOCUME~1\Ryan\APPLIC~1\lavasoft
2007-02-03 15:56 -------- d-------- C:\Program Files\Common Files\java
2007-02-03 14:15 -------- d-------- C:\DOCUME~1\Ryan\APPLIC~1\teamspeak2
2007-02-03 12:19 -------- d-------- C:\Program Files\Common Files\blizzard entertainment
2007-02-03 05:24 -------- d-------- C:\Program Files\viewpoint
2007-02-03 05:24 -------- d-------- C:\Program Files\Common Files\nullsoft
2007-02-03 05:23 335 --a------ C:\WINDOWS\nsreg.dat
2007-02-03 05:19 -------- d-------- C:\Program Files\Common Files\installshield
2007-02-03 05:19 -------- d-------- C:\Program Files\analog devices
2007-02-03 05:16 -------- d-------- C:\Program Files\c-media
2007-02-03 04:51 -------- d-------- C:\Program Files\windows media connect 2
2007-02-03 04:21 62865 --a------ C:\WINDOWS\system32\drivers\odysseyIM3.sys
2007-02-03 03:59 0 -rahs---- C:\MSDOS.SYS
2007-02-03 03:59 0 -rahs---- C:\IO.SYS
2007-02-03 03:59 0 --a------ C:\CONFIG.SYS
2007-02-03 03:59 0 --a------ C:\AUTOEXEC.BAT
2007-02-03 03:59 -------- d-------- C:\Program Files\microsoft frontpage
2007-02-03 03:57 -------- d--h----- C:\Program Files\windowsupdate
2007-02-03 03:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-03 03:56 -------- d-------- C:\Program Files\movie maker
2007-02-03 03:56 -------- d-------- C:\Program Files\Common Files\mssoap
2007-02-03 03:55 -------- d-------- C:\Program Files\windows nt
2007-02-03 03:55 -------- d-------- C:\Program Files\online services
2007-02-03 03:55 -------- d-------- C:\Program Files\msn gaming zone
2007-02-02 22:48 62 --ahs---- C:\DOCUME~1\Ryan\APPLIC~1\desktop.ini
2007-02-02 22:48 -------- d-------- C:\Program Files\Common Files\speechengines
2007-02-02 22:48 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"C-Media Speaker Configuration"="C:\\Documents and Settings\\Ryan\\Desktop\\WinXP\\Setup.exe /SPEAKER"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-01 15:11:31
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:13:22 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ryan\Desktop\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CFE089A-6794-4B86-15B6-74FBCE862CB7} - C:\Program Files\MSN\quhacemy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\Documents and Settings\Ryan\Desktop\WinXP\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170491139309
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D51C10D-B21C-48D3-B47C-0CCF1B159C43}: NameServer = 4.2.2.1,4.2.2.6
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6547 bytes
On a weird note, when I tried to post, the forums said my reply was too *short*, so I added this sentence.
teacup61
2007-04-02, 17:48
Hello,
Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)
Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful"), click the settings tab, then click "apply all actions" and choose clean (quarantine).
Close AVG. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {2CFE089A-6794-4B86-15B6-74FBCE862CB7} - C:\Program Files\MSN\quhacemy.dll
Close all browsers and other windows except for HijackThis!, and click "Fix checked".
Delete the following file, if present:
C:\Program Files\MSN\quhacemy.dll
In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)
Thanks,
tea
:scratch:
Due to lack of a response, this topic has been archived.
If you need it re-opened, please send me a private message (pm) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.
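The helper's two checks (a start page of about:blank and a BHO listed as "(no name)"), together with HijackThis's own "(file missing)" marker, can be applied to a saved log as follows. This is an added example, not part of the original thread; the function names and the sample log, built from entries quoted in the thread, are assumptions, and a match only marks a line for manual review.

```python
import re

# Constructed sample in HijackThis log format, built from entries quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {2CFE089A-6794-4B86-15B6-74FBCE862CB7} - C:\Program Files\MSN\quhacemy.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "<section code> - <rest of line>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <path>"
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")


def parse(log_text):
    """Yield (code, body) for every line that looks like a HijackThis entry."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def review_reasons(code, body):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    reasons = []
    if code in ("R0", "R1") and re.search(r"Start Page = about:blank$", body, re.I):
        reasons.append("start page is about:blank")
    bho = BHO.match(body) if code == "O2" else None
    if bho and bho.group("name") == "(no name)":
        # Only O2 is checked: the O9 Java button above is also "(no name)".
        reasons.append("BHO without a name: " + bho.group("path"))
    if body.endswith("(file missing)"):
        reasons.append("registered file is missing")
    return reasons


def triage(log_text):
    """Return [(code, reason), ...] in log order."""
    return [(code, r) for code, body in parse(log_text) for r in review_reasons(code, body)]


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "->", reason)
```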