Popups, Smitfraud undeleteable, disappearing explorer.exe, refreshing desktop, etc.

Hi :)

You have a rootkit there. You also have an infection which replaces legitimate files with bad ones :sick:

Download RustBFix from one of the following locations...

http://www.uploads.ejvindh.net/rustbfix.exe

http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
 
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bpaxopdm

*******************

Script file located at: \??\C:\Program Files\stcrwdac.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.



************************* Rustock.b-fix -- By ejvindh *************************
Sat 01/13/2007 15:34:54.15

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 71330
Total size: 71330 bytes.
Attempting to remove ADS...
system32: deleted 71330 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************
 
Ok good :)

Please run ComboFix again and post the fresh log with a fresh HijackThis log to here :bigthumb:
 
HP_Owner - 07-01-15 17:31:09.14 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\HP_Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-13 15:37 <DIR> d-------- C:\avenger
2007-01-13 15:34 <DIR> d-------- C:\Rustbfix
2007-01-11 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-01-11 15:40 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-01-11 15:36 <DIR> d--h----- C:\Documents and Settings\HP_Owner\InstallAnywhere
2007-01-11 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-01-11 15:33 <DIR> d-------- C:\Program Files\Macromedia
2007-01-11 15:33 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-01-10 14:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-10 14:45 <DIR> d-------- C:\Program Files\Grisoft
2007-01-08 23:37 966,144 --a------ C:\WINDOWS\system32\LTDLGRES13N.DLL
2007-01-08 23:37 90,112 --a------ C:\WINDOWS\system32\LFJBG13N.DLL
2007-01-08 23:37 785,920 --a------ C:\WINDOWS\system32\LTANN13N.DLL
2007-01-08 23:37 76,800 --a------ C:\WINDOWS\system32\LFWMF13N.DLL
2007-01-08 23:37 73,216 --a------ C:\WINDOWS\system32\LFFAX13N.DLL
2007-01-08 23:37 65,536 --a------ C:\WINDOWS\system32\Lfpct13n.dll
2007-01-08 23:37 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll
2007-01-08 23:37 446,464 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-01-08 23:37 443,392 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-01-08 23:37 393,216 --a------ C:\WINDOWS\system32\LFCMP13n.DLL
2007-01-08 23:37 37,888 --a------ C:\WINDOWS\system32\lfeps13n.dll
2007-01-08 23:37 35,328 --a------ C:\WINDOWS\system32\lttwn13n.dll
2007-01-08 23:37 31,744 --a------ C:\WINDOWS\system32\lflmb13n.dll
2007-01-08 23:37 31,232 --a------ C:\WINDOWS\system32\LFPNM13n.dll
2007-01-08 23:37 30,208 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-01-08 23:37 279,552 --a------ C:\WINDOWS\system32\LFJ2K13n.dll
2007-01-08 23:37 265,728 --a------ C:\WINDOWS\system32\LTDIS13n.dll
2007-01-08 23:37 26,112 --a------ C:\WINDOWS\system32\lfpcx13n.dll
2007-01-08 23:37 205,824 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-01-08 23:37 20,480 --a------ C:\WINDOWS\system32\LFWPG13N.DLL
2007-01-08 23:37 19,968 --a------ C:\WINDOWS\system32\lfitg13n.dll
2007-01-08 23:37 181,248 --a------ C:\WINDOWS\system32\Lfpng13n.dll
2007-01-08 23:37 18,944 --a------ C:\WINDOWS\system32\lfmsp13n.dll
2007-01-08 23:37 18,944 --a------ C:\WINDOWS\system32\lfmac13n.dll
2007-01-08 23:37 168,448 --a------ C:\WINDOWS\system32\LTSCR13n.DLL
2007-01-08 23:37 139,776 --a------ C:\WINDOWS\system32\ltfil13n.DLL
2007-01-08 23:37 126,464 --a------ C:\WINDOWS\system32\lftif13n.dll
2007-01-08 23:37 118,272 --a------ C:\WINDOWS\system32\QPRO32.DLL
2007-01-08 23:37 1,684,992 --a------ C:\WINDOWS\system32\LTCLR13N.dll
2007-01-08 23:37 1,396,736 --a------ C:\WINDOWS\system32\LTDLG13N.dll
2007-01-08 23:37 1,044,480 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-01-08 15:58 <DIR> d-------- C:\VundoFix Backups
2007-01-08 14:40 <DIR> d-------- C:\SDFix
2007-01-08 02:25 81,684 --a------ C:\WINDOWS\system32\qqjittun.dll
2007-01-07 02:25 81,684 --a------ C:\WINDOWS\system32\rlyonmht.dll
2007-01-06 23:45 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-01-06 23:43 <DIR> d-------- C:\Program Files\WinPcap
2007-01-06 23:43 <DIR> d-------- C:\Program Files\WC3Banlist
2007-01-06 03:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-06 02:25 81,684 --a------ C:\WINDOWS\system32\asbktcyr.dll
2007-01-05 02:25 81,684 --a------ C:\WINDOWS\system32\rnppneox.dll
2007-01-04 02:24 81,684 --a------ C:\WINDOWS\system32\yutftewp.dll
2007-01-04 01:02 118,804 --a------ C:\WINDOWS\system32\erhprcjn.dll
2007-01-03 01:02 81,684 --a------ C:\WINDOWS\system32\yseigpjs.dll
2007-01-02 15:23 <DIR> d--h----- C:\WINDOWS\HUL
2007-01-01 23:11 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-01 23:10 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2006-12-27 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2006-12-25 22:32 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-12-24 23:29 22,541 ---hs---- C:\WINDOWS\system32\efcccda.dll
2006-12-24 15:30 <DIR> d-------- C:\Program Files\Shockwave.com
2006-12-24 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2006-12-24 12:47 37,768 -ra------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2006-12-24 12:47 <DIR> d-------- C:\Program Files\Mio DigiWalker
2006-12-20 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-20 13:56 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-20 13:41 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-12-20 13:41 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-14 21:02 <DIR> d-------- C:\WINDOWS\system32\bak
2006-12-14 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 17:32 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Azureus
2007-01-15 05:51 -------- d-------- C:\Program Files\Warcraft III
2007-01-13 15:19 -------- d-------- C:\Program Files\Maxthon2
2007-01-11 15:50 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2007-01-11 15:47 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-11 15:40 -------- d-------- C:\Program Files\Common Files
2007-01-11 15:35 -------- d---s---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2007-01-10 21:08 -------- d-------- C:\Program Files\Soulseek-Test
2007-01-10 14:54 -------- d-------- C:\Program Files\Google
2007-01-10 14:54 -------- d-------- C:\Program Files\FlashGet
2007-01-06 13:53 -------- d-------- C:\Program Files\Winamp
2007-01-06 04:43 -------- d-------- C:\Program Files\QuickTime
2007-01-06 04:41 -------- d-------- C:\Program Files\Norton Internet Security
2007-01-06 04:19 -------- d-------- C:\Program Files\Internet Explorer
2007-01-06 04:00 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-06 03:58 -------- d-a------ C:\Program Files\Common Files\LightScribe
2007-01-06 03:58 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-01-06 03:57 -------- d-------- C:\Program Files\Azureus
2007-01-06 03:53 -------- d-------- C:\Program Files\AIM6
2007-01-04 02:18 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-02 22:40 -------- d-------- C:\Program Files\AC Tool
2007-01-02 15:24 -------- d-------- C:\Program Files\softnyx
2006-12-27 13:38 -------- d-------- C:\Program Files\Java
2006-12-26 14:41 -------- d-------- C:\Program Files\Microsoft Games
2006-12-25 00:24 -------- d-------- C:\Program Files\Movie Maker
2006-12-19 21:08 -------- d-------- C:\Program Files\Steam
2006-12-14 21:34 -------- d-------- C:\Program Files\DAEMON Tools
2006-12-13 16:45 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\nView_Wallpaper
2006-12-13 16:12 -------- d-------- C:\Program Files\Lycos Phone
2006-12-09 08:41 -------- d-------- C:\Program Files\PT Software
2006-12-08 15:29 -------- d-------- C:\Program Files\Trillian
2006-12-07 22:19 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\acccore
2006-12-07 22:18 -------- d-------- C:\Program Files\Common Files\AOL
2006-12-07 22:17 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-11-27 19:26 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Autodesk
2006-11-27 19:23 -------- d-------- C:\Program Files\AutoCAD 2007
2006-11-27 19:22 -------- d-------- C:\Program Files\Microsoft Office
2006-11-27 19:22 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-27 19:22 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-11-27 19:16 -------- d-------- C:\Program Files\Autodesk
2006-11-26 20:58 -------- d-------- C:\Program Files\Atari
2006-11-26 19:30 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-19 23:57 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-11-19 17:30 -------- d-------- C:\Program Files\EA GAMES


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"fwewwqwe3"="C:\\WINDOWS\\TEMP\\90F38F8C.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoCAD Startup Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VERIZO~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeadAIM"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dxc"
"hkey"="HKLM"
"command"="C:\\Program Files\\DeluxeCommunications\\Dxc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPwuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPBootOp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd08"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"command"="c:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Domain Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mstc"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\mstc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ncl2bdc8]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w89baf9d.dll,n 0072bdc10000000589baf9d"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oscylhhA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oscylhhA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\oscylhhA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunProfiler"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\PC-Doctor 5 for Windows\\RunProfiler.exe\" -r"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ResChanger2005"
"hkey"="HKCU"
"command"="C:\\Program Files\\ResChanger 2005\\ResChanger2005.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spoolsvv"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spoolsvv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\explorer..exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys012078796204-]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys012078796204-"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\sys012078796204-.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="testtestt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\testtestt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Duce6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Duce6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winclean]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winclean"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\winclean.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gnotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{81-16-65-54-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dwdsregt"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\dwdsregt.exe SKY001"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{84181654-0BFB-1033-0321-060419060001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{84181654-0BFB-1033-0321-060419060001}\\Update.exe\" mc-110-12-0000272"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=dword:00000002
"Pml Driver HPZ12"=dword:00000000
"IDriverT"=dword:00000003

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-15 17:33:52.14
C:\ComboFix.txt ... 07-01-15 17:33
C:\ComboFix2.txt ... 07-01-12 01:53


Logfile of HijackThis v1.99.1
Scan saved at 6:06:00 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\HP_Owner\Desktop\Downloads\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\90F38F8C.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166639969234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware:
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C: ) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [fwewwqwe3] C:\WINDOWS\TEMP\90F38F8C.exe

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\qqjittun.dll
C:\WINDOWS\system32\rlyonmht.dll
C:\WINDOWS\system32\asbktcyr.dll
C:\WINDOWS\system32\rnppneox.dll
C:\WINDOWS\system32\yutftewp.dll
C:\WINDOWS\system32\erhprcjn.dll
C:\WINDOWS\system32\yseigpjs.dll
C:\WINDOWS\system32\efcccda.dll
C:\WINDOWS\system32\mstc.exe
C:\WINDOWS\oscylhhA.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\explorer..exe
C:\WINDOWS\sys012078796204-.exe
C:\WINDOWS\system32\testtestt.exe
C:\WINDOWS\Duce6.exe
C:\windows\system32\winclean.exe
C:\windows\system32\dwdsregt.exe
Click to expand...
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Select "All Files".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following folders (if present):
C:\Program Files\PSDream
C:\Program Files\DeluxeCommunications
C:\Program Files\Internet Optimizer

Use the Windows search
  • Start
  • Search
  • All files and folders
  • More advanced options
Checkmark these options:
  • "Search system folders"
  • "Search hidden files and folders"
  • "Search subfolders"
  • Search for this and delete if found: w89baf9d.dll
Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon
    foldericon.png
    and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
 
This topic is closed due to lack of a response :spider:

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread.

Applies only to the original topic starter.
 
You must log in or register to reply here.
Back
Top