Author Topic: Topic for some1ok  (Read 2022 times)

Offline some1ok

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
Topic for some1ok
« Reply #40 on: March 28, 2008, 01:51:18 PM »
i uninstalled it a WHILEEE back =|....like a really long while back.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Topic for some1ok
« Reply #41 on: March 29, 2008, 11:05:56 AM »
Can you try the following
 Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- McAfee WSC Integration

Double click on it---
In the drop down menu, change the startup type to Disabled
Apply and Ok it

do the same for the next ones
McAfee Task Scheduler
McAfee SecurityCenter Update Manager
McAfee Personal Firewall Service
McAfee SpamKiller Server


Reboot the computer
Back in windows
Download and run the McAfee Consumer Products Removal tool (MCPR.exe).

From Here
http://download.mcafee.com/products/licens...atches/MCPR.exe
  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Double-click MCPR.exe.
  • Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
    Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
    After the second window appears, the program will begin the cleanup.
  • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
The machine must reboot to complete the un-installation. Reboot now? [y.n]
 
  • Press Y on the keyboard.
  • Wait for the computer to restart.
All McAfee products are now removed from your computer.

Let me know how things are running afterwards
Post a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline some1ok

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
Topic for some1ok
« Reply #42 on: March 29, 2008, 02:03:41 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:45 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 10343 bytes


things are running ok.....my system lags. at randomest times =S....any ideas why?...
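
Added example, not part of the original thread or any poster's code: a small Python parser for the HijackThis log format posted in Reply #42. It groups entries by section code and runs three read-only triage checks; the function names and the choice of checks are this example's own, and the sample input is a shortened excerpt of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the HijackThis v2.0.2 log in Reply #42.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:45 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 10343 bytes
"""

# "<code> - <rest>", e.g. "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <owner> - <drive path>".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)


def parse_log(text):
    """Split a HijackThis log into header fields, running processes and entries by code."""
    header, processes, entries = {}, [], defaultdict(list)
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                       # footer marker, nothing to parse after it
            break
        m = ENTRY_RE.match(line)
        if m:                                  # an entry line always ends the process list
            section = "entries"
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            section = "processes"
        elif section == "header":
            key, sep, value = line.partition(": ")
            if sep:                            # "Platform: ...", "MSIE: ...", "Boot mode: ..."
                header[key] = value
        elif section == "processes" and line:
            processes.append(line)
    return {"header": header, "processes": processes, "entries": dict(entries)}


def unknown_owner_services(parsed):
    """O23 services whose owner field reads 'Unknown owner', as (name, path) pairs."""
    hits = []
    for item in parsed["entries"].get("O23", []):
        m = SERVICE_RE.match(item)
        if m and m.group("owner").lower() == "unknown owner":
            hits.append((m.group("name"), m.group("path")))
    return hits


def unresolved_startup(parsed):
    """O4 startup items whose shortcut target is printed as '?'."""
    return [i for i in parsed["entries"].get("O4", []) if i.endswith("= ?")]


def mentions(parsed, vendor):
    """Processes and entries naming a vendor, e.g. to check a fresh log after a removal tool ran."""
    needle = vendor.lower()
    found = [p for p in parsed["processes"] if needle in p.lower()]
    for code, items in parsed["entries"].items():
        found += [f"{code} - {i}" for i in items if needle in i.lower()]
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries per section:", {c: len(v) for c, v in parsed["entries"].items()})
    print("Services with unknown owner:", unknown_owner_services(parsed))
    print("Startup items with unresolved target:", unresolved_startup(parsed))
    print("McAfee leftovers:", mentions(parsed, "McAfee"))
```

The checks only surface lines for a manual look; they do not decide whether an item is malicious.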

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Topic for some1ok
« Reply #43 on: March 29, 2008, 02:27:02 PM »
Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the right-hand side. Then copy the URL provided and post it here for me.



Offline some1ok

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Topic for some1ok
« Reply #45 on: March 29, 2008, 04:09:47 PM »
It looks ok
I'm not sure why it's flagging spyware, unless to endorse the product

Can we do the following
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Left click to Highlight

Error Fixer 3.0.1

Select 'Delete this entry'
YES to the prompt then you can exit Hijackthis

Use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Post the Kaspersky Online Scanner Report in your reply.



Offline some1ok

  • Newbie
  • *
  • Posts: 26
  • Karma: +0/-0
Topic for some1ok
« Reply #46 on: April 01, 2008, 05:38:24 PM »
        -------------------------------------------------------------------------------
         KASPERSKY ONLINE SCANNER REPORT
         Tuesday, April 01, 2008 6:55:34 PM
         Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
         Kaspersky Online Scanner version: 5.0.98.0
         Kaspersky Anti-Virus database last update:  1/04/2008
         Kaspersky Anti-Virus database records: 676350
        -------------------------------------------------------------------------------

        Scan Settings:
            Scan using the following antivirus database: extended
            Scan Archives: true
            Scan Mail Bases: true

        Scan Target - My Computer:
            C:\
            D:\
            E:\

        Scan Statistics:
            Total number of scanned objects: 145229
            Number of viruses found: 3
            Number of infected objects: 16
            Number of suspicious objects: 0
            Duration of the scan process: 02:20:15

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.Crwl    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.gthr    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wsb    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy30.gthr    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp    Object is locked    skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_ba8.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\cert8.db    Object is locked    skipped
        C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\history.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\key3.db    Object is locked    skipped
        C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\parent.lock    Object is locked    skipped
        C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\search.sqlite    Object is locked    skipped
        C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\urlclassifier2.sqlite    Object is locked    skipped
        C:\Documents and Settings\Mathew\Cookies\index.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\shadow\members.stg    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\MSHist012008040120080402\index.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DF650.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DF7C7.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DF8C4.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DF916F.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DF9180.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DFB3F2.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temp\~DFB43B.tmp    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes Library.itl    Object is locked    skipped
        C:\Documents and Settings\Mathew\ntuser.dat    Object is locked    skipped
        C:\Documents and Settings\Mathew\ntuser.dat.LOG    Object is locked    skipped
        C:\Downloads\Troy KLAXXON\Troy KLAXXON.avi.fb!    Object is locked    skipped
        C:\Joel\Logs\April 2008\calvin_liu25Email Removed.txt    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log    Object is locked    skipped
        C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt    Object is locked    skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\byddnslj.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\comyctgx.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\lioriqcd.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\prdroerp.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\C\WINDOWS\system32\wilvcmeb.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip/jkkll.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip/vtuvuvt.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip    ZIP: infected - 2    skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll    Infected: not-a-virus:AdTool.Win32.WhenU.r    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe    Infected: not-a-virus:AdTool.Win32.WhenU.t    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178971.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180037.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180038.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180039.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180040.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180041.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
        C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\change.log    Object is locked    skipped
        C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
        C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt    Object is locked    skipped
        C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F1A9DCD6-6499-430C-B2F7-698D748F953C}.crmlog    Object is locked    skipped
        C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
        C:\WINDOWS\SoftwareDistribution\EventCache\{AC27E661-966A-42D2-B506-1C5F33DB1DD6}.bin    Object is locked    skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
        C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
        C:\WINDOWS\system32\config\Antivirus.Evt    Object is locked    skipped
        C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
        C:\WINDOWS\system32\config\DEFAULT    Object is locked    skipped
        C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
        C:\WINDOWS\system32\config\Internet.evt    Object is locked    skipped
        C:\WINDOWS\system32\config\Media Ce.evt    Object is locked    skipped
        C:\WINDOWS\system32\config\ODiag.evt    Object is locked    skipped
        C:\WINDOWS\system32\config\OSession.evt    Object is locked    skipped
        C:\WINDOWS\system32\config\SAM    Object is locked    skipped
        C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
        C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
        C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
        C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
        C:\WINDOWS\system32\config\SOFTWARE    Object is locked    skipped
        C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
        C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
        C:\WINDOWS\system32\config\SYSTEM    Object is locked    skipped
        C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
        C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt    Object is locked    skipped
        C:\WINDOWS\system32\drivers\sptd.sys    Object is locked    skipped
        C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
        C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat    Object is locked    skipped
        C:\WINDOWS\TEMP\_avast4_\Webshlock.txt    Object is locked    skipped
        C:\WINDOWS\wiadebug.log    Object is locked    skipped
        C:\WINDOWS\wiaservc.log    Object is locked    skipped
        C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped

        Scan process completed.

        Offline guestolo

        « Reply #47 on: April 01, 2008, 08:18:09 PM »
        Nothing bad from Kaspersky's
        Anything bad is in backup folders from tools we used, or in system restore folders
        We can deal with that later

        Go to START>>RUN>>copy and paste the next command to the open field

        ComboFix /u

        then hit OK
        This will uninstall Combofix

        Afterwards
        Find and delete the following folder
        C:\QooBox <-this folder

        Double-click ATF-Cleaner.exe to run the program.
              Under Main choose: Select All
              Click the Empty Selected button.

        If you use Firefox browser
              Click Firefox at the top and choose: Select All
              Click the Empty Selected button.
              NOTE: If you would like to keep your saved passwords, please click No at the prompt.

        If you use Opera browser

              Click Opera at the top and choose: Select All
              Click the Empty Selected button.
              NOTE: If you would like to keep your saved passwords, please click No at the prompt.

        Click Exit on the Main menu to close the program.

        ========================================
        NOTE: Bootup will be a bit slower after running this cleaner
        It will clear your Prefetch folder, bootup will speed up after this folder is rebuilt

        Double click to run OTMoveIt2.exe
        • Click the Cleanup! button
          A list will be downloaded>>Allow it Internet access if prompted by your Firewall
          Don't change anything in this list
        • Select Yes at the prompt
          Wait for the confirmation box to open to reboot the computer
          Don't mouseclick during the wait as you may cause the tool to stall
        • Select Yes to reboot Now
        NOTE: This procedure will also delete OTMoveit.exe from desktop

        After you have done the above
        Come back, post a fresh hijackthis log, let me know how things are now running

        Remember, you may have to boot a couple times for bootup time increases
        « Last Edit: April 01, 2008, 08:19:29 PM by guestolo »

        Do you want to post your own logs from FRST?

        Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
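The reading of the Kaspersky report given in Reply #47 (detections only in tool backup folders or System Restore folders) can be checked mechanically. The Python sketch below is an added example, not part of the original posts or of any tool named in the thread; it assumes the three-column report layout shown above (path, status, action) and treats `C:\QooBox` as the tool backup folder. The sample lines are constructed, and the `example*.dll` paths are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above:
# <path><4 spaces or tab><status><4 spaces or tab><action>
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180038.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\change.log    Object is locked    skipped
C:\QooBox\Quarantine\example.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\example2.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
"""

# Locations where a detection is an inert copy rather than an active file.
RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)
TOOL_BACKUP_RE = re.compile(r"^[a-z]:\\qoobox(\\|$)", re.I)


def parse_report(text):
    """Split each report line into path, status, action and detected threat name."""
    entries = []
    for line in text.splitlines():
        # Paths contain single spaces, so only tabs or runs of 2+ spaces separate columns.
        parts = re.split(r"\t+| {2,}", line.strip())
        if len(parts) != 3:
            continue  # blank line, header, or "Scan process completed."
        path, status, action = parts
        threat = None
        if status.startswith("Infected:"):
            threat = status.split(":", 1)[1].strip()
        entries.append(
            {"path": path, "status": status, "action": action, "threat": threat}
        )
    return entries


def locate(path):
    """Classify a path as a System Restore copy, a tool backup, or a live file."""
    if RESTORE_RE.match(path):
        return "system_restore"
    if TOOL_BACKUP_RE.match(path):
        return "tool_backup"
    return "live"


def triage(entries):
    """Group infected paths by location; 'Object is locked' lines are not detections."""
    buckets = defaultdict(list)
    for entry in entries:
        if entry["threat"]:
            buckets[locate(entry["path"])].append(entry["path"])
    return dict(buckets)


def locked_count(entries):
    """Count files the scanner could not open (normal for in-use system files)."""
    return sum(1 for e in entries if e["status"] == "Object is locked")


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for location, paths in sorted(triage(parsed).items()):
        print(f"{location}: {len(paths)} detection(s)")
        for p in paths:
            print(f"  {p}")
    print(f"locked (not scanned): {locked_count(parsed)}")
```

Any path reported under `live` is the case that needs further work; `system_restore` and `tool_backup` entries are cleared by the restore-point cleanup and folder deletion described in the thread.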


        Offline some1ok

        « Reply #48 on: April 04, 2008, 02:55:25 PM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 4:14:27 PM, on 4/4/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\QuickTime\QTTask.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\DAEMON Tools Lite\daemon.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
        C:\Program Files\Rogers\SelfHealing\rogersagent.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wuauclt.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
        O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
        O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
        O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
        O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
        O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
        O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

        --
        End of file - 10616 bytes


        things are running good.... how do we get rid of those files quarantined or whatever?

        Offline guestolo

        « Reply #49 on: April 04, 2008, 09:11:02 PM »
        Did you do the instructions from Post #48??

        Quote
        Go to START>>RUN>>copy and paste the next command to the open field

        ComboFix /u

        then hit OK
        This will uninstall Combofix

        Afterwards
        Find and delete the following folder
        C:\QooBox <-this folder

        Double-click ATF-Cleaner.exe to run the program.
        Under Main choose: Select All
        Click the Empty Selected button.

        If you use Firefox browser
        Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.

        If you use Opera browser

        Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.

        Click Exit on the Main menu to close the program.

        ========================================
        NOTE: Bootup will be a bit slower after running this cleaner
        It will clear your Prefetch folder, bootup will speed up after this folder is rebuilt

        Double click to run OTMoveIt2.exe

            * Click the Cleanup! button
              A list will be downloaded>>Allow it Internet access if prompted by your Firewall
              Don't change anything in this list
            * Select Yes at the prompt
              Wait for the confirmation box to open to reboot the computer
              Don't mouseclick during the wait as you may cause the tool to stall
            * Select Yes to reboot Now


        NOTE: This procedure will also delete OTMoveit.exe from desktop

        After you have done the above
        Come back, post a fresh hijackthis log, let me know how things are now running

        Remember, you may have to boot a couple times for bootup time increases

        If so, we removed many of the bad files
        Go and manually delete C:\Qoobox folder if found
        If you did all the above, let me know and we'll do some final steps



        Offline some1ok

        « Reply #50 on: April 04, 2008, 09:43:58 PM »
        i did them all....but for the combo fix one....it did not find the file :S..

        Offline guestolo

        « Reply #51 on: April 04, 2008, 10:48:50 PM »
        Go to START>>All Programs>>Accessories>>System Tools>>System Restore
        Select>>Create a New restore point
        Give it a name, any name,
         and click Create
        Windows will prompt when it was created successfully

        When that's done

        Go to START>>RUN>>type the following
        cleanmgr
        Hit OK
        Let it finish calculating

        Select the More Options tab
        and click Cleanup.. under 'System Restore'
        This will clear all later restore points except for the one you just made

        Ok the prompts, it may take a few seconds to remove old restore points
        Ok again after it's ready and let it finish cleaning

        I suggest that you add SpywareBlaster to your protection software
        SpywareBlaster  by JavaCool  
          *Will block bad ActiveX Controls
          *Block Malevolent cookies in Internet Explorer and Firefox
          *Restrict actions of potentially dangerous sites in Internet Explorer
        After installation, Check for updates
        After updating, select "Protection" on the Left
        Then select "Enable all Protection"
        "Check for updates every couple of weeks"
        after every update just simply click the "enable protection on all unprotected items"

        In addition, it would be a good idea to download and install
        Spybot 1.5.2.20
        During installation, Spybot's TeaTimer will enable by default, this is spyware Realtime protection
        Optionally, you can UNCHECK that option, or use it as a great preventative against spyware
        After installation, Search for and Download all updates
        After updating, utilize the Immunization feature
        Click Immunize>>Immunize again the top green cross
        Do that after every update
        Probably a good idea to Check for Problems and fix anything in Red

        Take a look at miekiemoes site with other ideas on How to prevent Malware:

        I hope that helps :)



        Offline guestolo

        « Reply #52 on: April 26, 2008, 05:15:03 PM »
        Since your issues appear resolved, I'll lock this topic
