Help with viruses please!

New Logs

Ok, I was able to download Dr Web Cureit. Here are the two logs you requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:59 PM, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe
C:\WINDOWS\system32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Cybolsky\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1119074375655
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186504357359
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6722 bytes

Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
 
Hello :)

Ok yes delete the SweetIMBarForIE folder.

Ok so you can't use ftp for DrWeb...We'll use this scanner instead.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijackThis log
 
Dr. Web and HJT Log

Hi again. I was able to download Dr. Web. Here is that log and a new HJT log.
01895250.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet;Deleted.;
02455937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.4412;Deleted.;
03024078.FIL;C:\$VAULT$.AVG;Trojan.Proxy.1739;Deleted.;
03630218.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet;Deleted.;
04028921.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.80;Deleted.;
04029078.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.414;Deleted.;
57075015.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
87876000.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
RegUBP2b-Extra Account.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\Extra Account\Desktop\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\Documents and Settings\Extra Account\Desktop\SmitfraudFix;Tool.ShutDown.11;Moved.;
horsegrey[1].ani;C:\Documents and Settings\Extra Account\Local Settings\Temporary Internet Files\Content.IE5\4LOQFH3M;Exploit.ANIFile;Deleted.;
chocovancake[1].ani;C:\Documents and Settings\Extra Account\Local Settings\Temporary Internet Files\Content.IE5\H06KX3VR;Exploit.ANIFile;Deleted.;
autorun.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup;Trojan.Fakealert.357 - read error;Deleted.;
system.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\Extra Account\Start Menu\Programs\Startup;Trojan.Fakealert.357 - read error;Deleted.;
printer.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.357 - read error;Deleted.;
winavxx.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.357 - read error;Deleted.;
A0103847.dll;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP500;Trojan.Fakealert.305 - read error;Deleted.;
A0103849.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP500;Trojan.Fakealert.305 - read error;Deleted.;
A0103853.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP500;Trojan.Packed.140;Deleted.;
A0103854.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP500;Trojan.Packed.140;Deleted.;
A0103862.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.Packed.140;Deleted.;
A0103863.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.Packed.140;Deleted.;
A0103864.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.Packed.140;Deleted.;
A0103886.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.StartPage.1505;Deleted.;
A0103892.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.Packed.140;Deleted.;
A0103893.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.Packed.140;Deleted.;
A0103894.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP502;Trojan.Packed.140;Deleted.;
A0103900.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP503;Trojan.StartPage.1505;Deleted.;
A0103905.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103906.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103907.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103913.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.StartPage.1505;Deleted.;
A0103918.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103919.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103920.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103922.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.StartPage.1505;Deleted.;
A0103929.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103930.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103931.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103939.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103940.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103941.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103944.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.StartPage.1505;Deleted.;
A0103959.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103960.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103961.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.Packed.140;Deleted.;
A0103964.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP504;Trojan.StartPage.1505;Deleted.;
A0103975.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.Packed.140;Deleted.;
A0103976.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.Packed.140;Deleted.;
A0103977.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.Packed.140;Deleted.;
A0103979.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.Packed.140;Deleted.;
A0103989.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.StartPage.1505;Deleted.;
A0104005.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.Packed.140;Deleted.;
A0104006.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.Packed.140;Deleted.;
A0104008.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP505;Trojan.StartPage.1505;Deleted.;
A0104031.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP506;Trojan.Packed.140;Deleted.;
A0104032.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP506;Trojan.Packed.140;Deleted.;
A0104034.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP506;Trojan.Packed.140;Deleted.;
A0104035.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP506;Trojan.Packed.140;Deleted.;
A0104178.dll;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105131.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105135.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105136.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105137.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105140.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.StartPage.1505;Deleted.;
A0105155.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105156.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105157.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105159.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.StartPage.1505;Deleted.;
A0105167.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105168.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105169.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.Fakealert.357 - read error;Deleted.;
A0105172.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP513;Trojan.StartPage.1505;Deleted.;
A0105199.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP514;Trojan.Fakealert.357 - read error;Deleted.;
A0105200.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP514;Trojan.Fakealert.357 - read error;Deleted.;
A0105201.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP514;Trojan.Fakealert.357 - read error;Deleted.;
A0105204.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP514;Trojan.StartPage.1505;Deleted.;
A0105209.sys;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP514;BackDoor.Bulknet;Deleted.;
A0105217.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP515;Trojan.Fakealert.357 - read error;Deleted.;
A0105218.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP515;Trojan.Fakealert.357 - read error;Deleted.;
A0105219.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP515;Trojan.Fakealert.357 - read error;Deleted.;
A0105222.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP515;Trojan.StartPage.1505;Deleted.;
A0105231.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.StartPage.1505;Deleted.;
A0105235.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.Fakealert.357 - read error;Deleted.;
A0105236.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.Fakealert.357 - read error;Deleted.;
A0105237.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.Fakealert.357 - read error;Deleted.;
A0105238.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.Fakealert.357 - read error;Deleted.;
A0105249.sys;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.NtRootKit.414;Deleted.;
A0105295.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP516;Trojan.StartPage.1505;Deleted.;
A0105314.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP517;BackDoor.Bulknet.80;Deleted.;
A0105358.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP517;Trojan.StartPage.1505;Deleted.;
A0105454.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP519;Trojan.StartPage.1505;Deleted.;
A0105477.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP519;Trojan.StartPage.1505;Deleted.;
A0105656.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP522;Trojan.StartPage.1505;Deleted.;
A0105664.exe;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP522;Tool.Prockill;Moved.;
A0105692.reg;C:\System Volume Information\_restore{FF50AE10-220E-407B-91F4-34A72E0EC01A}\RP522;Trojan.StartPage.1505;Deleted.;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:11 PM, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Extra Account\Desktop\drweb-cureit.exe
C:\DOCUME~1\EXTRAA~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\EXTRAA~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Cybolsky\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1119074375655
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186504357359
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7015 bytes
:yes:
 
Hi again, only a few leftovers. How is the computer running?

You should print these instructions or save these to a text file. Follow these instructions carefully.

==================

First, you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable Windows Defender's realtime protection.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.

Disable Spybot S&D Teatimer.
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Restart your computer


Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe


Restart your computer

Post a fresh HijackThis log here
 
Spybot Resident Teatimer

Hello. I'm having trouble unchecking the Resident Teatimer box. I click to uncheck it, but am not getting any OK prompts and so when I close Spybot and then open it again to check, Teatimer is still on.
How can we fix this? Thanks.
 
New HJT Log

You can disregard that last post, I figured it out. I was unchecking the Teatimer box, and then pressing the X to close the program, which wasn't working. Then I tried unchecking Teatimer and doing File - Exit, and it stuck.
Whew!
Here's my new HJT Log. I think we are making progress.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:24 PM, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://login.live.com/login.srf?id=2
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI

Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program

Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software

Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe

/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt Cybolsky\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1119074375655
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186504357359
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6513 bytes
 
Update

The PC seems to be running good. Am I really all done? You are amazing! I am so grateful! Thank you, thank you.
If I may ask a question, what should I have installed on my computer, SpyBot of course, but what else? AVG, AdAware, what about Windows Defender? What would give me good overall protection? Thanks.
 
Hi :)

Yes looks clean.

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:

Hi again, it is looking clean now :)

You can remove the tools we used.

Then you should update your Java to the latest version (6u3)
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java, Java 2 Runtime Environment, SE v1.4.2
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Stay clean and be safe ;)
 
Thank you!

Again, I can't thank you enough. Your patience and clear instructions were invaluable. This is definitely the most amazing forum I have ever had the privilege of being a part of. I am so envious of your knowledge.
Best wishes.
 
Thanks for the kind words and you're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
 