Browser hijack !

Thanks again.

Hello angelfire, and thanks again for your help.

There was a delay.

I have to ask you, is it OK to add the reg file? Parts of the reg file are full of "gibberish".

Is it OK to add it?
 
Logs.

Hello angelfire, here are the logs.
Antispyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:37:11 03/03/2007

+ Scan result:

D:\Program Files\Oversight System Sentinel Demo\help.chm -> Adware.AntiAwarePro : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
D:\backups\backup-20070225-111125-358.dll -> Adware.I2ISolutions : Ignored.
D:\backups\backup-20070225-111125-600.dll -> Adware.I2ISolutions : Ignored.
D:\1\mailpv.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Ignored.
D:\1\mspass.zip/mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
D:\Documents and Settings\s\Cookies\s@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored.
D:\Documents and Settings\s\Cookies\s@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
D:\Documents and Settings\s\Cookies\s@com[1].txt -> TrackingCookie.Com : Ignored.
D:\Documents and Settings\s\Cookies\s@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.
D:\Documents and Settings\s\Cookies\s@web-stat[2].txt -> TrackingCookie.Web-stat : Ignored.
D:\Documents and Settings\s\Cookies\s@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
D:\1\pspv.zip/pspv.exe -> Trojan.IcqSmiley.e : Ignored.

::Report end

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:19:40, on 06/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Kerio\Personal Firewall\persfw.exe
D:\WINDOWS\system32\slmdmsr.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Documents and Settings\s\Desktop\hjt\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC4698E-6425-43FB-8D02-7F66BEB37964}: NameServer = 194.90.1.5 212.143.212.143
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

AboutBuster log:

AboutBuster 6.06
Scan started on [06/03/2007] at [11:06:30]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! D:\WINDOWS\Rhododendron.bmp:vyllhj
Removed Stream! D:\WINDOWS\_default.pif:almsnr
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:12:59
 
Hi,

We have exams tomorrow so I'll have to study first. I'll have something for you by Friday :)
 
Hi, sorry for the delay..

Your AVG Antispyware log showed that it didn't clean anything at all..

Please reboot your machine to safe mode.

While in safe mode, have HijackThis fix check these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm (file missing)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab


Close HijackThis.

then,

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type delservices2.bat in the File name and save it to your desktop.

Code:
@echo off
sc stop rpcapd
sc delete rpcapd

Locate delservices2.bat on your Desktop and double-click on it.

*Using Windows Explorer, find and delete these files:

D:\s.exe
D:\WINDOWS\zts2.exe
D:\WINDOWS\System32\vcmgcd32.dll
D:\WINDOWS\System32\iifgfgf.dll
D:\WINDOWS\rundll16.exe
D:\WINDOWS\rundl132.dll
D:\WINDOWS\logo1_.exe
D:\WINDOWS\System32\T.COM
D:\WINDOWS\System32\TASKMGR.COM
D:\WINDOWS\REGEDIT.COM
D:\WINDOWS\R.COM
D:\WINDOWS\System32\intr32.dll

Empty your Recycle Bin.

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type fix.reg in the File name and save it to your desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"=-


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fix.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer Yes.
_______________

Could you please run AVG Antispyware again while still in safe mode and make sure you hit the "apply all actions" button first before the "save report" button.

Reboot to normal mode.

*Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

*I would like you to scan a few files for me.

Please go HERE. Click browse then, navigate to this file:

D:\WINDOWS\System32\gynoqkjx.isf

Then click submit.

do the same for this file: D:\WINDOWS\System32\iymmhnpo.xhy

Please post the results to your next reply.

If Jotti is too busy, you can go HERE and do the same as above.

Finally paste the contents of the Report.txt back on the forum with a new HijackThis log and the AVG Antispyware log, results of the jotti scan and a description on how your machine is running.
 
Logs and details.

Hello angelfire, thanks for your help.

Here are the logs of HijackThis and SDFix, and notes about my computer.

HIJACKTHIS LOG :

Logfile of HijackThis v1.99.1
Scan saved at 15:10:10, on 10/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Kerio\Personal Firewall\persfw.exe
D:\WINDOWS\system32\slmdmsr.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Documents and Settings\s\Desktop\hjt\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

SDFIX LOG :

SDFix: Version 1.70

Run by s - Sat 03/10/2007 / 14:37:28.94

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:

Name:
SVKP

Path:
\??\D:\WINDOWS\System32\SVKP.sys

SVKP Deleted



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

D:\WINDOWS\system32\SVKP.SYS - Deleted



ADS Check:

D:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\system.exe"="c:\\system.exe:*:Enabled:system"


Remaining Files:
---------------

Backups Folder: - D:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

D:\Documents and Settings\s\NetHood\clients - www.gi-israel.com\Desktop.ini
D:\icetemplates.com_free006_ecommerce\icetemplates.com_free006_ecommerce\html\images\Thumbs.db
D:\dkjrxp\dataness\cncs32.dll
D:\WINDOWS\system32\avisynth.dll
D:\WINDOWS\system32\AVSredirect.dll
D:\WINDOWS\system32\cygwin1.dll
D:\WINDOWS\system32\cygz.dll
D:\WINDOWS\system32\i420vfw.dll
D:\WINDOWS\system32\Smab.dll
D:\WINDOWS\system32\yv12vfw.dll
D:\Documents and Settings\s\Desktop\BUMPY.EXE
D:\simcity\simcity\SIM.EXE
D:\tj\tj\TJ.EXE
D:\WINDOWS\meta4.exe
D:\WINDOWS\MOTA113.exe
D:\WINDOWS\x2.64.exe
D:\WINDOWS\system32\x.264.exe
D:\Documents and Settings\All Users\Application Data\13.sys
D:\WINDOWS\dwin.sys
D:\WINDOWS\system32\84C07846D1.sys
D:\WINDOWS\system32\D14678C084.sys
D:\WINDOWS\system32\KGyGaAvL.sys
D:\Documents and Settings\s\Application Data\Microsoft\Templates\~WRL3971.tmp
D:\Documents and Settings\s\Application Data\Microsoft\Word\~WRL0004.tmp

Finished

Personal about my computer :

- I didn't find these files; they only appear as folders, not as files. Here are the files:
ZTS2.EXE VCMGCD32.DLL IIFGFGF.DLL RUNDLL16.EXE RUNDLL132.DLL LOGO1_EXE ** I deleted all these folders.

- For the batch command that deletes a service I got an ERROR; here is the detail:
"Sc - CONTROLSERVICE FAILED : 1062"

- When I went to normal mode, Spybot detected a change from "explorer.exe" to "Explorer.exe"; I applied this change.

- I didn't find the files gynoqkjx.isf and iymmhnpo.xhy.

- For AVG Antispyware: I didn't run it. I think my 30 days are over. I downloaded the database update from the site, but in safe mode it says "never update".

- When I ran HijackThis for the first time in normal mode to make the log, I got something with an
"UNEXPETECT ERROR 05......"; I proceeded to the scan and the log.

- My automatic update service was set to auto; I disabled it.

- After SDFix was loaded and finished, I pressed Enter for the reboot and the system rebooted. I went out and was not near the computer, so I didn't press Enter, and when I came back Windows was already loaded. It's OK, right?

Thanks so much for your help !!!
 
Edit

EDIT :

- I didn't find these files; they only appear as folder names, not as files. Here are the files (example: ZTS2.EXE is a folder):
ZTS2.EXE VCMGCD32.DLL IIFGFGF.DLL RUNDLL16.EXE RUNDLL132.DLL LOGO1_EXE ** I deleted all these folders, and all of them were empty. All the other files were found and deleted.

- I didn't find the files gynoqkjx.isf and iymmhnpo.xhy.

Spyware Terminator and Spybot were disabled.
 
When I went to normal mode, Spybot detected a change from "explorer.exe" to "Explorer.exe"; I applied this change.

I'm not sure what that means as explorer.exe and Explorer.exe are the same files...Can you elaborate further on this?

For AVG Antispyware: I didn't run it. I think my 30 days are over. I downloaded the database update from the site, but in safe mode it says "never update".

That's alright if you can't update in Safe mode because you can't connect to the internet..Even though your 30 days are over, you can still use the on-demand scanner..I want you to please scan with it again in Safe mode and make sure you hit the "apply all actions" button first before the "save report" button.

My automatic update service was set to auto; I disabled it.

Is it Automatic Windows Updates you're talking about? If so, why did you disable it?

After SDFix was loaded and finished, I pressed Enter for the reboot and the system rebooted. I went out and was not near the computer, so I didn't press Enter, and when I came back Windows was already loaded. It's OK, right?

It's odd but it ran ok.
________________

After you scan with AVG Antispyware in safe mode, reboot to normal mode.

Configure your machine to view hidden files:

Windows XP
  • Click Start.
  • Open My Computer..
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the "Hidden files and folders" heading select Show hidden files and folders.
  • Uncheck the Hide Protected Operating System Files Option.
  • Click Yes to confirm.
  • Click OK.

I would like you to scan a few files for me.

Please go HERE. Click browse then, navigate to this file:

c:\system.exe

Then click submit.

Do the same for this file: D:\Documents and Settings\All Users\Application Data\13.sys

Please post the results to your next reply.

If Jotti is too busy, you can go HERE and do the same as above.
_________________

Download RegSearch Tool by Bobbi Flekman

1. Unzip it to your desktop
2. Double-click on regsearch.exe, and search for this:

Remote Packet Capture Protocol v.0

3. It may take a while to run, so be patient. When finished, the search results will appear in your text editor

On your next reply, please include a fresh HijackThis log, AVG antispyware log, results of the jotti scan and the results of the regsearch.
 
logs :

Hello again angelfire. Thanks for your help. Here are the logs:

Log of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 09:33:19, on 11/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Kerio\Personal Firewall\persfw.exe
D:\WINDOWS\system32\slmdmsr.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\s\Desktop\regsearch.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\s\Desktop\hjt\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC4698E-6425-43FB-8D02-7F66BEB37964}: NameServer = 194.90.1.5 212.143.212.143
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

Log of regsearch :

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11/03/2007 09:28:24 for strings:
; 'remote packet capture protocol v.0'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd]
"DisplayName"="Remote Packet Capture Protocol v.0 (experimental)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rpcapd]
"DisplayName"="Remote Packet Capture Protocol v.0 (experimental)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]
"DisplayName"="Remote Packet Capture Protocol v.0 (experimental)"

; End Of The Log...

Log of Jotti :

Found nothing. I can't find the file system.exe (it shows all files, including hidden ones).

- My surfing is a little slow.
- Automatic update needs validation; my Windows XP is from my other computer...
- And about AVG Antispyware: I downloaded the full database file manually in normal mode and installed it, but when I run it, it says: never update.

Thanks.
 
*We need to temporarily disable Spyware Terminator, it can stop our fix.

Open Spyware Terminator then Click on the "Real-time Protection" tab, leave the "Use Real-time Protection" checkbox empty and click on the "Save Changes" button.

Exit Spyware Terminator.

*You need To disable Spyware Guard temporarily, it can stop our fix. Please Re-enable it after your system is clean.

1.Right-click on the SG icon in your System Tray and SpywareGuard should open.
2.Click "Options" and then uncheck these options under the "General" tab:
  • Enable Real-Time Scanning
  • Enable Download Protection
  • Enable Browser Hijack Protection
3.Click "Save Settings."

*We need to temporarily disable Spybot's TeaTimer, it may stop our fix.

Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
______________________

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type fix2.reg in the File name and save it to your desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rpcapd]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fix.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer Yes.
_______________________

Next, don't mind the updates anymore. Just do the AVG Antispyware scan again in Safe Mode.

Reboot to normal mode after the scan then post a fresh HijackThis log and the AVG Antispyware log and tell me how's it running.
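The checks described above for the .reg file (REGEDIT4 on the first line, an empty last line, and only the three rpcapd service keys deleted) can be run before double-clicking the file. This is an added example and not part of the original post; the function name `review_reg`, the allow-list and the tampered sample are assumptions made for illustration.

```python
import re

# "[KEY]" creates or edits a key; "[-KEY]" deletes the key and everything under it.
SECTION = re.compile(r"^\[(-?)([^\]]+)\]$")


def review_reg(text, allowed_deletes):
    """Review a REGEDIT4 file before it is merged.

    Returns (problems, deletes): a list of problem descriptions and the keys
    the file would delete, in file order.
    """
    problems, deletes = [], []
    lines = text.splitlines()
    allowed = {k.lower() for k in allowed_deletes}  # key names are case-insensitive

    # The header must be the very first line, with no blank lines before it.
    if not lines or lines[0].strip() != "REGEDIT4":
        problems.append("line 1 is not REGEDIT4")
    # Pressing ENTER after the last line in Notepad leaves an empty last line,
    # which means the text ends with a line break.
    if not text.endswith(("\n", "\r")):
        problems.append("file does not end with an empty line")

    for no, raw in enumerate(lines, 1):
        m = SECTION.match(raw.strip())
        if not m:
            continue  # header, blank line, comment or value line
        is_delete, key = m.group(1) == "-", m.group(2)
        if not is_delete:
            problems.append(f"line {no}: file writes to {key}, expected deletions only")
            continue
        deletes.append(key)
        if key.lower() not in allowed:
            problems.append(f"line {no}: unexpected key deletion {key}")
    return problems, deletes


# The fix2.reg text from the post above.
FIX2_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rpcapd]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]
"""

# Allow-list: the rpcapd service key in each control set named in the post.
ALLOWED = [
    "HKEY_LOCAL_MACHINE\\SYSTEM\\" + cs + "\\Services\\rpcapd"
    for cs in ("ControlSet001", "ControlSet002", "CurrentControlSet")
]

# Constructed bad sample: blank line before the header, an extra deletion of a
# made-up key, and no line break at the end.
TAMPERED = "\n" + FIX2_REG + "[-HKEY_LOCAL_MACHINE\\SOFTWARE\\ExampleVendor]"

if __name__ == "__main__":
    for name, text in (("fix2.reg", FIX2_REG), ("tampered", TAMPERED)):
        problems, deletes = review_reg(text, ALLOWED)
        print(name, "deletes", len(deletes), "key(s)")
        for p in problems or ["no problems found"]:
            print("  ", p)
```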
 
Hello again. i don't understand :

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type fix2.reg in the File name and save it to your desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpcapd]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rpcapd]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fix.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer Yes.
_______________________

Double click on fix.reg that we created before ? or double click on fix2.reg that we created now ?

Thanks for your help.
 
Logs :

Hello angelfire, and thanks for your help, you the best.

Here is the log for hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 21:18:23, on 11/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Kerio\Personal Firewall\persfw.exe
D:\WINDOWS\system32\slmdmsr.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\SpywareGuard\sgmain.exe
D:\Documents and Settings\s\Desktop\hjt\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

And the log for avg antispyware :

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:12:26 11/03/2007

+ Scan result:



D:\Program Files\Oversight System Sentinel Demo\help.chm -> Adware.AntiAwarePro : Ignored.
D:\Documents and Settings\s\Desktop\hjt\backups\backup-20070310-125217-506.dll -> Adware.I2ISolutions : Ignored.
D:\backups\backup-20070225-111125-358.dll -> Adware.I2ISolutions : Ignored.
D:\backups\backup-20070225-111125-600.dll -> Adware.I2ISolutions : Ignored.
D:\1\mailpv.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Ignored.
D:\1\mspass.zip/mspass.exe -> Not-A-Virus.PSWTool.Win32.Messen.106 : Ignored.
D:\Documents and Settings\s\Cookies\s@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Documents and Settings\s\Cookies\s@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\GAMES\pspv.zip/pspv.exe -> Trojan.IcqSmiley.e : Cleaned with backup (quarantined).
C:\WINSET98\WIN98_46.CAB/notepad.exe -> Worm.Volag.c : Cleaned with backup (quarantined).


::Report end

I have some questions, if that ok :

- When i do the process, i disable Teatimer of spybot, but when i setup again do enable, he denied the changes based on previous selection of mine, how i set it to enable this selection ? here is the 2 denied changes :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
so for now, TEATIMER is disable.

- The code REGEDIT4, after the last line i press ENTER for setup a blank line, it's ok ? and there 1 line space between "REGEDIT4" and the reg lines, it's ok ?

- I forget to say, that i have double boot. drive c - is win98 and drive d - is windows xp, it's ok yes ?

I'm waiting for your pro and quicker answer from you, about the report and the questions, YOU ARE THE BEST ! :)
 
Hi,

well what do you know, the stubborn O23 is now gone :)

I have some questions, if that ok :

Sure.

When i do the process, i disable Teatimer of spybot, but when i setup again do enable, he denied the changes based on previous selection of mine, how i set it to enable this selection ? here is the 2 denied changes :

I'm not very familiar with Teatimer but I think you can set teatimer to just allow the changes made..

The code REGEDIT4, after the last line i press ENTER for setup a blank line, it's ok ? and there 1 line space between "REGEDIT4" and the reg lines, it's ok ?

Yes what you did is right.

I forget to say, that i have double boot. drive c - is win98 and drive d - is windows xp, it's ok yes ?

Yeah it's perfectly ok.

*Using Windows Explorer, find and delete these files:

D:\Program Files\Oversight System Sentinel Demo\help.chm
D:\backups\backup-20070225-111125-358.dll
D:\backups\backup-20070225-111125-600.dll
D:\1\mailpv.zip
D:\1\mspass.zip

Empty your recycle bin.

Reboot.

On your next reply, please post a fresh HijackThis log and a description on how your machine is running.
 
Final log :

Hello angelfire, my computer seems to run fine, programs get up faster, and in general it's OK.

But i wanted to know what to do about teatimer, should i leave it Disable ? and spyware terminator do the same job...? not ?
Because if i enable it, he denied the changes, and keep up this lines :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

It's ok and safe to enable it and leave this two lines ?

And another question, it's safe and ok to change my home page to Google ?

Here is the log of hijackthis : ( Hope it's ok with you, so many logs... :red: )

Logfile of HijackThis v1.99.1
Scan saved at 23:26:21, on 12/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Kerio\Personal Firewall\persfw.exe
D:\WINDOWS\system32\slmdmsr.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Documents and Settings\s\Desktop\hjt\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

Some notes :

Thanks you for being patient. Keep up your good work. :bigthumb:
 
Hi,

You're welcome :)

*We need to temporarily disable Spyware Terminator, it can stop our fix.

Open Spyware Terminator then Click on the "Real-time Protection" tab, leave the "Use Real-time Protection" checkbox empty and click on the "Save Changes" button.

Exit Spyware Terminator.

*You need To disable Spyware Guard temporarily, it can stop our fix. Please Re-enable it after your system is clean.

1. Right-click on the SG icon in your System Tray and SpywareGuard should open.
2. Click "Options" and then uncheck these options under the "General" tab:
  • Enable Real-Time Scanning
  • Enable Download Protection
  • Enable Browser Hijack Protection
3. Click "Save Settings."


*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


But i wanted to know what to do about teatimer, should i leave it Disable ? and spyware terminator do the same job...? not ?

Do the following then, re-enable tea-timer and spyware terminator. The alerts should go away..Make sure you re-enable spyware guard too..

  • Click Start > Run type Notepad.exe then click OK.
  • This will open a Notepad file.
  • Copy and paste the contents of the code box below into the open Notepad file.
  • Click on Format and make sure Wordwrap is unchecked.
  • Save as ResetTeaTimer.bat, save as "File type:" All Files.

Code:
@echo off

VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT

VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT

VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO win

VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO win

VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO winme

VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT

echo Unsupported Version
goto last

:NT
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\Snapshots\*.*
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\RegKeyblack.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\ProcWhite.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\ProcBlack.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\logs\resident.log
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\UpdateDL.sbe
exit

:win
deltree /y %WINDIR%\applic~1\spybot~1\snapshots\*.*
del %WINDIR%\applic~1\spybot~1\logs\resident.log
del %WINDIR%\applic~1\spybot~1\excludes\ProcBlack.sbe
del %WINDIR%\applic~1\spybot~1\excludes\ProcWhite.sbe
del %WINDIR%\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del %WINDIR%\applic~1\spybot~1\excludes\RegKeyBlack.sbe
del %WINDIR%\applic~1\spybot~1\excludes\UpdateDL.sbe
exit

:winme
del /y %WINDIR%\alluse~1\applic~1\spybot~1\snapshots\*.*
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\UpdateDL.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\RegKeyblack.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\ProcWhite.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\ProcBlack.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\logs\resident.log
exit

:last
echo Press any key to terminate,..
pause
exit

Double click ResetTeaTimer.bat to run it.
__________________
And another question, it's safe and ok to change my home page to Google ?

sure..It's perfectly ok..

*Congratulations! Your log looks clean!

Configure Windows XP to hide system files:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Do not show hidden files and folders.
  • Check the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here

IESpyAds
~You can download it from here
~If you want to know how IEspyads work you can take a look at it here
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Happy safe surfing!
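The log comparison done by hand across this thread (which entries disappeared after a fix, which came back, and which look orphaned) can be scripted. This is an added example and not part of the original posts; the three orphan rules are assumptions that mirror the entries picked for fixing in this thread, not a HijackThis rule set, and the log excerpts are copied from the logs posted above.

```python
import re

# A HijackThis entry line: section code, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (code, body) pairs, skipping the header and the process list."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body").strip()))
    return out


def orphan_reason(code, body):
    """Say why an entry looks left over, or return None (assumed heuristics)."""
    if code in ("R0", "R1") and re.search(r"(^|\s)=$", body):
        return "empty value"
    if code == "O16" and re.fullmatch(r"DPF: \{[0-9A-Fa-f-]{36}\} -", body):
        return "no class name or download URL"
    if code == "O23" and "(file missing)" in body:
        return "service binary missing"
    return None


def triage(log_text):
    """Return (code, body, reason) for every entry that matches a rule."""
    flagged = []
    for code, body in parse_entries(log_text):
        reason = orphan_reason(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


# The entries selected for fixing in the first fix post.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Excerpt of the log saved on 11/03/2007.
LOG_11_03 = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
"""

# Excerpt of the log saved on 12/03/2007: the same lines plus three O16 entries.
LOG_12_03 = LOG_11_03 + r"""O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_11_03, LOG_12_03)
    print("came back on 12/03:")
    for code, body in added:
        print("  ", code, body, "->", orphan_reason(code, body))
```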
 
Well...

Thank u angelfire for your help and support.

U keep surprising me every time with a great answer.

YOU ARE THE BEST !

P.S - what did you learn ? c++ ? delphi ? i want to study too, to know to mess up with registry. if u can tell me which study to take ?

Best regards. :bigthumb:
 
Thank u angelfire for your help and support.

U keep surprising me every time with a great answer.

YOU ARE THE BEST !

Thank you :)

P.S - what did you learn ? c++ ? delphi ? i want to study too, to know to mess up with registry. if u can tell me which study to take ?

Oh no no no..I never learned those two languages and you don't need to know them in order for you to do basic registry editing..Actually, while I was still studying in a malware removal university to learn how to remove malware, you'll learn registry editing somewhere along the way..If you are interested, you could register here: forum.malwareremoval.com and post a request to join the university :)

Tell me how it goes :)
 
Thanks.

Thanks you very much.

I signed there. i'm waiting for pm.

I inform you, how is the study.

Thanks.

:bigthumb:
 
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
 