Search:

Thank YOU Mr_JAk3,
There used to be a time when a simple AV program would take care of the problem. But today, as you know, that is not the case. You are truly one of the white hats of the internet...

No I don't think so... Haven't been hijacked for a while now. It just seems a little slow booting up. After looking at the HJT log, I think that is due to some stuff left behind by some uninstalls...

My apologies... I had to use another computer to get Dr.Web. For some reason I was being blocked on the problem computer. But as requested... the files.

George :bigthumb:

Dr.Web.csv
...

Here are the results of the scans for the two files.

STATUS: FINISHEDComplete scanning result of "csrss.exe", received in VirusTotal at 04.16.2007, 23:09:49 (CET).

Antivirus Version Update...

Mr Jak,

:scratch: Same problem, same place...:scratch:

Did a re-install of AVG (including the update of the files). Tried regular boot, safe boot, and safe boot using the global admin account...

Mr Jak,
As requested...
George :rolleyes:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 13, 2007 8:50:53 PM
...

Mr Jak, :bigthumb:
As requested.
George

Logfile of HijackThis v1.99.1
Scan saved at 4:51:29 PM, on 4/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1...

Hello Mr Jak,
GMER rootkit as requested... I'm assuming you wanted it in safe mode.
George :bigthumb:

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-11 19:33:32
Windows 5.1.2600...

Yes, Tried it both in safe mode and in normal mode. Safe mode first. Also tried to run in diagnostic mode using msconfig. I also ran SFC/scanboot. That didn't do anything either.

When searching...

Mr Jak,

Having problems running AVG... :sad: :banghead: Hangs when trying to do system scan during memory/processes @ [120] VM_7FFE0000. This is related to process SMSS.EXE on the Analysis page....

2007-04-04 17:13 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2007-04-04 17:13 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2007-04-04...

Hi Mr Jak,
Next step as requested...
There was an error while running. It said "Search string too long" but kept running.

George

"Betty" - 07-04-05 20:35:27 Service Pack 1
ComboFix...

Mr Jak,
I did the custom update because Microsoft wanted me to update to SP2 in express. I think I have all up to SP2 but not completely sure. It only shows SP1 not SP1A. Is this ok?

Thanks,...

Thank you for your prompt reply. :)
HijackThis log as requested.

George

Logfile of HijackThis v1.99.1
Scan saved at 5:33:50 PM, on 4/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE:...

Compaq Advisor ({C4C1AFCD-2C72-48B4-AE2E-A7354A525E87})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation...

Windows XP Hotfix - KB828741 20040305.180454 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link:...

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Installer:...

Every time I go online, my browsergets hijacked. If I go to Google and do a search, When I click on a result, it gets hijacked to some other website other than the one I was trying to go to. If I cut...