comp realy messed up

Unknown
edited October 2007 in Spyware & Virus Removal
i heard from a friend that you guys help fix problem on ppls comps well my problem is i got some sort of vires or spyware. i ran a scan on zonealarm but evertime i got half way through it just shut down my comp. id reboot it try to scan and it would do the same thing. so i did the systom restore check point then it did the reboot thing but now i cant reboot normally it will get to the windows XP loading screen then no ferther. my comp is still runing cuz i can hear it but the keyboard is off so is the moniter i can get through on safe mode but the internet only last about 10 min then it cant load the pages anymore just wanted to now what to do first i downloaded the hijackthis and i ran the atf cleaner here is the log after the atf clean and it would not let my install super antispyware or ad-aware 2007 should i try spybot search and distroy

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:49:06 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support
Running processes:
C:..WINDOWS..System32..smss.exe
C:..WINDOWS..system32..winlogon.exe
C:..WINDOWS..system32..services.exe
C:..WINDOWS..system32..lsass.exe
C:..WINDOWS..system32..svchost.exe
C:..WINDOWS..System32..svchost.exe
C:..WINDOWS..Explorer.EXE
C:..PROGRA~1..MOZILL~1..FIREFOX.EXE
C:..Documents and Settings..Administrator.VALUED-7B9600FA.000..Desktop..HiJackThis_v2.exe
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6.r{}*v C:..WINDOWS..TEMP..SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS...DEFAULT......Run: [Symantec NetDriver Warning] C:..PROGRA~1..SYMNET~1..SNDWarn.exe (User 'Default user')
O4 - HKUS...DEFAULT......RunOnce: [SRUUninstall] "C:..WINDOWS..System32..msiexec.exe" /L*v C:..WINDOWS..TEMP..SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:..Program Files..Microsoft Office..Office10..OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:..Program Files..AOL..AOL Toolbar 2.0..aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:..WINDOWS..System32..Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:..Documents and Settings..Owner..Start Menu..Programs..IMVU..Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%..Network Diagnostic..xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%..Network Diagnostic..xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:..Program Files..PartyGaming.Net..PartyPokerNet..RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:..Program Files..PartyGaming.Net..PartyPokerNet..RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe
O12 - Plugin for .pdf: C:..Program Files..Internet Explorer..PLUGINS..nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:..WINDOWS..System32..browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:..WINDOWS..System32..browseui.dll
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:..Program Files..Google..Common..Google Updater..GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:..Program Files..iPod..bin..iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:..WINDOWS..System32..nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:..Program Files..WinPcap..rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:..Program Files..Common Files..Sony Shared..AVLib..SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:..Program Files..Common Files..Symantec Shared..CCPD-LC..symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:..WINDOWS..system32..ZoneLabs..vsmon.exe
--
End of file - 9832 bytes

Comments

  • NuppiNuppi South Ostrobothnia (Finland)
    edited September 2007
    Hi nick381,

    And welcome to Icrontic

    DO NOT SCAN IN SAFEMODE, if possible.

    Please Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall


    Please Download newest HJTInstall.exe to your Desktop.
    • Doubleclick HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Save the log to a convenient location as you'll need to post it soon.
    • Don't use the Analyse This button, its findings are dangerous if misinterpreted.
    • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
    =====
  • nick381
    edited September 2007
    it dosent let my boot in normal mode so i have to do everything in safe mode





    ComboFix 07-09-20.1 - "Administrator" 2007-09-23 16:42:54.2 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.354 [GMT -5:00]
    .
    ((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
    .
    2007-09-20 15:44 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
    2007-09-19 22:28 <DIR> d----c--- C:\WINDOWS\ERUNT
    2007-09-19 22:28 <DIR> d----c--- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\WinRAR
    2007-09-19 19:14 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-18 18:31 <DIR> d----c--- C:\DOCUME~1\ADMINI~1.000\WINDOWS
    2007-09-18 18:31 <DIR> d----c--- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Sony Corporation
    2007-09-18 18:31 <DIR> d----c--- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\InterTrust
    2007-09-17 21:53 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
    2007-09-14 18:14 3,315,232 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-14 18:10 75,248 --a--c--- C:\WINDOWS\zllsputility.exe
    2007-09-14 18:09 1,086,952
    c--- C:\WINDOWS\system32\zpeng24.dll
    2007-09-14 18:09 <DIR> d----c--- C:\WINDOWS\system32\ZoneLabs
    2007-08-25 22:28 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
    2007-08-23 22:41 <DIR> d----c--- C:\Program Files\DivX
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-18 18:36
    d-a--c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-09-18 18:35
    d----c--- C:\Program Files\Viewpoint
    2007-09-16 20:43 32 --ahsc--- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-03 16:04
    d----c--- C:\Program Files\Google
    2007-08-24 03:19
    d----c--- C:\Program Files\LimeWire
    2007-08-22 00:35
    d----c--- C:\Program Files\IDoser v41
    2007-08-20 23:05
    d----c--- C:\Program Files\Cain
    2007-08-20 17:14
    d----c--- C:\Program Files\Promosoft Corporation
    2007-08-20 00:09
    d----c--- C:\Program Files\WinPcap
    2007-08-19 07:39
    d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-19 05:58
    d----c--- C:\Program Files\iTunes
    2007-08-19 05:58
    d----c--- C:\Program Files\iPod
    2007-08-19 03:40
    d----c--- C:\Program Files\Common Files\Symantec Shared
    2007-08-19 02:18
    d----c--- C:\Program Files\Windows Live Toolbar
    2007-08-19 01:13
    d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    2007-08-19 00:40
    d----c--- C:\Program Files\MSN Messenger
    2007-08-19 00:31
    d----c--- C:\Program Files\Common Files\Viewpoint
    2007-08-19 00:31
    d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-08-19 00:26
    d----c--- C:\Program Files\QuickTime
    2007-08-19 00:25
    d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-08-19 00:21
    d----c--- C:\Program Files\Apple Software Update
    2007-08-19 00:16
    d----c--- C:\Program Files\Common Files\Apple
    2007-08-19 00:16
    d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-08-19 00:13
    d----c--- C:\Program Files\Windows Media Connect 2
    2007-08-18 23:41
    d----c--- C:\Program Files\DAP
    2007-08-18 23:11 50688 --a--c--- C:\WINDOWS\system32\wbhelp2.dll
    2007-07-30 19:19 92504 --a--c--- C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a--c--- C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a--c--- C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a--c--- C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 271224 --a--c--- C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a--c--- C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a--c--- C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a--c--- C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a
    C:\WINDOWS\system32\wups.dll
    2007-07-29 22:02
    d----c--- C:\Program Files\AWS
    2007-06-28 19:01 88696 --a--c--- C:\WINDOWS\system32\Packet.dll
    2007-06-28 19:01 68224 --a--c--- C:\WINDOWS\system32\WanPacket.dll
    2007-06-28 19:01 53299 --a--c--- C:\WINDOWS\system32\pthreadVC.dll
    2007-06-28 19:01 240240 --a--c--- C:\WINDOWS\system32\wpcap.dll
    2007-06-26 01:08 1104896 --a--c--- C:\WINDOWS\system32\msxml3.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}]
    C:\Program Files\IntCodec\isaddon.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2001-11-19 06:40]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:19]
    "CleanupProgram"="C:\Sonysys\cleanup.exe" []
    "nwiz"="nwiz.exe" [2003-05-02 15:19 C:\WINDOWS\system32\nwiz.exe]
    "Mouse Suite 98 Daemon"="PELMICED.EXE" [2001-08-21 11:08 C:\WINDOWS\system32\PELMICED.EXE]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-19 23:28]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-25 21:25]
    "MSN Service Pro2"="pic691[1].com" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-19 19:30]
    "HostManager"="C:\Program Files\Common Files\AOL\1153534919\ee\AOLHostManager.exe" [2005-08-02 14:33]
    "P2P Networking2"="C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe" []
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-18 23:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "SDFix"="C:\DOCUME~1\ADMINI~1.000\Desktop\SDFix\RunThis.bat /second" []
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SDFix"=C:\DOCUME~1\ADMINI~1.000\Desktop\SDFix\RunThis.bat /second
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
    VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2001-12-19 17:24:36]
    R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys
    R3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys
    R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;C:\WINDOWS\system32\DRIVERS\tscomm.sys
    S1 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
    S2 SonyFKC;FAN and Keyboard Control Service;C:\WINDOWS\system32\Drivers\SonyFKC.sys
    S2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys
    S2 V7;V7;C:\WINDOWS\system32\drivers\V7.sys
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
    S3 BCMModem;BCM V.90 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMDM.sys
    S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);C:\WINDOWS\system32\Drivers\SMBE.SYS
    S3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS
    S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-04 16:07:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-18 01:49:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-09-17 22:33:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-23 16:45:10
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-09-23 16:46:43
    C:\ComboFix-quarantined-files.txt ... 2007-09-23 16:46
    C:\ComboFix2.txt ... 2007-09-20 15:49
    .
    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:47:10 PM, on 9/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Safe mode with network support
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Administrator.VALUED-7B9600FA.000\Desktop\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MSN Service Pro2] pic691[1].com
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153534919\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\ADMINI~1.000\Desktop\SDFix\RunThis.bat /second
    O4 - HKLM\..\RunOnce: [SDFix] C:\DOCUME~1\ADMINI~1.000\Desktop\SDFix\RunThis.bat /second
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 9527 bytes
  • NuppiNuppi South Ostrobothnia (Finland)
    edited September 2007
    Hi,

    Please rescan with hijackthis and check:

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
    O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\ADMINI~1.000\Desktop\SDFix\RunThis.bat /second
    O4 - HKLM\..\RunOnce: [SDFix] C:\DOCUME~1\ADMINI~1.000\Desktop\SDFix\RunThis.bat /second

    Close all other programs and click fix checked.

    Delete folders:

    C:\Program Files\MyWay
    C:\Program Files\IntCodec

    boot comp, try first to normal mode and send a fresh hijackthis log
  • nick381
    edited September 2007
    here it is it still wont let me boot in normal mode and a new folder called backups is on my desktop.





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:36:32 PM, on 9/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Safe mode with network support
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Administrator.VALUED-7B9600FA.000\Desktop\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MSN Service Pro2] pic691[1].com
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153534919\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /AUTOSTART
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 8646 bytes
  • NuppiNuppi South Ostrobothnia (Finland)
    edited September 2007
    Hi,


    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


    Please Open Notepad and copy and paste quote boxes text:
    File::
    C:\WINDOWS\system32\pic691[1].com

    Save to nameCFScript

    Then drag and drop CFScript to ComboFix.exe As shows below.

    CFScript.gif

    Combofix will start to reming and scanning

    Note: Do not mouseclick combofix's window while its running. That may cause it to stall


    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • DEselect Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        scanavgjk2.jpg
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware report.

    Send contens off combofix.txt file to responce.
    Send a fresh hijackthis log too :D

    Try if it starts now in normally :D
  • NuppiNuppi South Ostrobothnia (Finland)
    edited October 2007
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
This discussion has been closed.