Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

My Computer Seems to Have a Mind of I'ts Own

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

My Computer Seems to Have a Mind of I'ts Own

Unread postby social misfit » May 12th, 2008, 12:44 am

To Whom It May Concern: 5/11\08


I originally asked for help and received instructions about a month

ago but was unable to execute your plan due to personal circumsrances.

I still need help desperatly. My computer creates new files, hidden

files, denies me access, and when I try to gain access through

security settings it will force a shut down then on reboot deny me

logon. I've lost count of how many times I have reinstalled XP. I

hate the fact that some *%@#*!*^%# invaded and controles my computer.
A friend suggested I get a new hard drive. Even if that did work I

would consider it a hollow victory. I want defeat the *@%#*%. MAU

helped me rid my moms computer of a ZLOB Trojan Downloader last year.

I included a HijackThis and Smit Fraud file. I will not make a move

until I hear back from you. Thanx


Logfile of HijackThis v1.99.1
Scan saved at 8:20:48 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\Temporary Directory 4 for

hijackthis1991.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://windowsupdate.microsoft.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar -

{A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar -

{A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program

Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://www.update.microsoft.com/windows ... en/x86/cli

ent/wuweb_site.cab?1209618387393
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://www.update.microsoft.com/microso ... s/en/x86/c

lient/muweb_site.cab?1209618774799
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

- C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ,

s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ETJ - Sysinternals - http://www.sysinternals.com -

C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\ETJ.exe
O23 - Service: WRPU - Sysinternals - http://www.sysinternals.com -

C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\WRPU.exe

______________________________________________________________________

______________________________________________________________________

SmitFraudFix v2.306

Scan done at 20:17:17.14, Sun 05/11/2008
Run from C:\Documents and Settings\phuqtoo\Desktop\DWNLDS\viris spy

analizers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\phuqtoo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\phuqtoo\Application

Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\phuqtoo\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet

Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{4F1A865E-0D6A-4DAE-BB9C-3ACE7DF96E5

D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am
Top
Advertisement
Register to Remove

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby Carolyn » May 19th, 2008, 3:56 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

There is a newer version of HijackThis available.

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Important: Before posting a new log:

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears un-checked.


Please post the new HijackThis log and the stall list in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Top

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby social misfit » May 19th, 2008, 9:39 pm

here is the HJT and Uninstall list requested

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:33 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9618387393
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9618774799
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ETJ - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\ETJ.exe
O23 - Service: GFQMBW - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\GFQMBW.exe
O23 - Service: WRPU - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\WRPU.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 4365 bytes

uninstall list

Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Agere Systems PCI Soft Modem
AVG Free 8.0
Basic Webcam
Belkin Wireless USB Utility
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HS Virtual Piano 1.0
IC 435C Webcam
Intel(R) Extreme Graphics Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service

Provider Package
Microsoft Compression Client Pack 1.0 for Windows

XP
Microsoft Internationalized Domain Names Mitigation

APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack

1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.12)
MSXML 6.0 Parser (KB933579)
Opera 9.23
RolloSONIC 1.0
Security Update for Windows Internet Explorer 7

(KB938127)
Security Update for Windows Internet Explorer 7

(KB944533)
Security Update for Windows Media Player 6.4

(KB925398)
Security Update for Windows Media Player 9

(KB917734)
Security Update for Windows Media Player 9

(KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
VideoLAN VLC media player 0.8.6f
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am
Top

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby Carolyn » May 20th, 2008, 2:56 am

Hello,

Please re-enable all of the items you had disabled using Autoruns.
I see that you have used Sysinternal's Autoruns to disable a number of items on your computer - the details of those items are replaced by "AutorunsDisabled" in the HijackThis log. I need to see the details for those items in your logs. If necessary, we can disable them again later.


Download CCleaner from here.

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.


Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with main.txt and extra.txt.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Top

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby social misfit » May 25th, 2008, 3:10 am

I tried several times to run kapersky scan but received page error notice each time. I followed other instructions and here is dekher report


Deckard's System Scanner v20071014.68
Run by phuqtoo on 2008-05-24 23:59:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as phuqtoo.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:40 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\phuqtoo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\phuqtoo.exe
C:\Program Files\Dr. System\MrClean.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9618387393
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9618774799
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ETJ - Unknown owner - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\ETJ.exe (file missing)
O23 - Service: GFQMBW - Unknown owner - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\GFQMBW.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WRPU - Unknown owner - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\WRPU.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5385 bytes

-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-24 19:24:53 0 d-------- C:\Program Files\BySoft FreeRAM
2008-05-24 01:35:43 0 d-------- C:\Program Files\WinPcap
2008-05-24 01:19:59 0 d-------- C:\Program Files\Champion Software
2008-05-24 01:18:20 0 d-------- C:\Program Files\Dr. System
2008-05-24 01:17:44 0 d-------- C:\Program Files\SerialMon
2008-05-24 01:14:41 0 d-------- C:\Program Files\Karen's Power Tools
2008-05-24 01:13:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2008-05-23 07:05:09 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Wireshark
2008-05-23 06:51:10 0 d-------- C:\Program Files\Wireshark
2008-05-23 06:37:55 0 d-------- C:\Program Files\Vasilios Applications
2008-05-23 06:36:32 17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 14:44:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-21 14:43:56 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-21 14:10:18 0 dr-h---c- C:\Documents and Settings\phuqtoo\Recent
2008-05-21 13:34:06 0 d-------- C:\Program Files\Quick StartUp
2008-05-21 13:25:38 0 d-------- C:\Program Files\Windows XP Tweaks
2008-05-21 10:30:04 0 d-------- C:\Program Files\CCleaner
2008-05-21 09:04:29 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\LimeWire
2008-05-21 08:59:15 0 d-------- C:\Program Files\Java
2008-05-21 08:58:32 0 d-------- C:\Program Files\Common Files\Java
2008-05-21 08:55:03 0 d-------- C:\Program Files\LimeWire
2008-05-19 21:16:50 0 d------c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Application Data\Identities
2008-05-19 21:16:34 0 d--h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\NetHood
2008-05-19 21:16:34 0 dr-----c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\My Documents
2008-05-19 21:16:34 0 d--h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Local Settings
2008-05-19 21:16:34 0 dr-----c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Favorites
2008-05-19 21:16:34 0 d------c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Desktop
2008-05-19 21:16:34 0 d--hs--c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Cookies
2008-05-19 21:16:34 0 dr-h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Application Data
2008-05-19 21:16:34 0 d---s--c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Application Data\Microsoft
2008-05-19 21:16:33 0 d--h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Templates
2008-05-19 21:16:33 0 dr-----c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Start Menu
2008-05-19 21:16:33 0 dr-h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\SendTo
2008-05-19 21:16:33 0 dr-h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\Recent
2008-05-19 21:16:33 0 d--h---c- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\PrintHood
2008-05-19 21:16:33 786432 --ah----- C:\Documents and Settings\Guest.PHUQ2-N66C1KNDO\NTUSER.DAT
2008-05-19 18:31:46 0 d-------- C:\Program Files\Trend Micro
2008-05-12 03:05:59 0 d-------- C:\Program Files\MSXML 6.0
2008-05-11 21:50:02 0 d-------- C:\Program Files\RolloSONIC 1.0
2008-05-11 20:58:43 0 dr-----c- C:\Documents and Settings\LocalService\My Documents
2008-05-11 20:58:36 0 dr-h---c- C:\Documents and Settings\LocalService\Recent
2008-05-11 20:00:37 0 d--h----- C:\WINDOWS\PIF
2008-05-11 19:56:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-11 19:44:23 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-11 19:44:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-11 19:35:34 0 d-------- C:\Program Files\MSBuild
2008-05-11 19:15:33 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-11 19:13:45 0 d-------- C:\Program Files\Reference Assemblies
2008-05-11 19:01:09 3002806 --a------ C:\WINDOWS\system32\DTOK
2008-05-11 18:59:32 752 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-11 18:56:56 3003200 --a------ C:\WINDOWS\system32\MIDOTLF
2008-05-11 18:33:10 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-11 17:52:17 0 d-------- C:\WINDOWS\network diagnostic
2008-05-11 15:01:07 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\AVGTOOLBAR
2008-05-11 08:22:23 0 d-------- C:\WINDOWS\Prefetch
2008-05-11 00:01:42 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-10 22:20:37 0 d-------- C:\WINDOWS\PAC207
2008-05-10 22:10:33 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 16:24:22 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\vlc
2008-05-10 15:34:49 0 d-------- C:\Program Files\VideoLAN
2008-05-10 07:02:27 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Google
2008-05-10 07:00:32 0 d-------- C:\webcam driver pack
2008-05-10 06:46:21 0 --a------ C:\SQ.bin
2008-05-10 04:17:50 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Macromedia
2008-05-10 04:17:46 0 d------c- C:\Documents and Settings\All Users\Application Data\Google
2008-05-10 04:17:39 0 d-------- C:\Program Files\Google
2008-05-10 04:13:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-10 04:12:55 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Mozilla
2008-05-10 04:12:10 402944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
2008-05-09 06:06:34 0 d-------- C:\Program Files\Windows Defender
2008-05-09 00:14:51 0 d-------- C:\WINDOWS\pss
2008-05-08 22:42:18 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Comodo
2008-05-08 22:42:12 0 d------c- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-08 22:42:09 0 d-------- C:\Program Files\COMODO
2008-05-08 17:25:54 0 d--hs---- C:\found.000
2008-05-01 11:02:00 0 d---s--c- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-05-01 11:02:00 0 d------c- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-05-01 11:02:00 0 d---s--c- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-05-01 11:01:59 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-05-01 11:01:59 0 d--h---c- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-05-01 11:01:56 0 d--h---c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-05-01 11:01:56 0 d---s--c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-05-01 11:01:56 0 d------c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-05-01 11:01:56 0 d---s--c- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-05-01 11:01:55 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-05-01 11:00:53 0 d--h----- C:\$AVG8.VAULT$
2008-05-01 05:25:13 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-01 05:24:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-01 05:22:50 0 d-------- C:\Program Files\AVG
2008-05-01 04:52:28 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-01 04:52:25 0 d------c- C:\Documents and Settings\LocalService\Start Menu
2008-05-01 04:28:42 0 d------c- C:\Documents and Settings\All Users\Application Data\Privacyware
2008-05-01 02:51:08 0 d-------- C:\Program Files\HiddenFinder
2008-05-01 02:42:30 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-01 02:42:30 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-01 02:42:24 0 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-01 02:42:24 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-01 02:42:24 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-01 02:38:23 0 d-------- C:\WINDOWS\peernet
2008-05-01 02:38:22 0 d-------- C:\WINDOWS\provisioning
2008-05-01 02:33:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-01 02:26:53 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-01 02:21:51 0 d-------- C:\WINDOWS\EHome
2008-05-01 01:24:43 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-01 00:52:16 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-01 00:52:16 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-01 00:41:57 0 dr-----c- C:\Documents and Settings\NetworkService\My Documents
2008-05-01 00:41:30 0 dr-h---c- C:\Documents and Settings\NetworkService\Recent
2008-05-01 00:35:14 0 d-------- C:\WINDOWS\Internet Logs
2008-04-30 23:58:16 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-30 23:57:50 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-30 23:35:12 0 d------c- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-30 22:35:56 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-30 22:13:43 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-30 22:13:39 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-30 22:12:25 0 d-------- C:\WINDOWS\system32\bits
2008-04-30 22:06:38 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-30 22:06:06 0 d--hs---- C:\Documents and Settings\phuqtoo\UserData
2008-04-30 22:04:47 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Opera
2008-04-30 22:03:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 22:01:20 0 d-------- C:\Program Files\Belkin
2008-04-30 22:01:00 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-30 21:41:59 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Adobe
2008-04-30 21:18:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-30 21:17:04 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-30 21:10:32 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\WinPatrol
2008-04-30 21:10:26 0 d-------- C:\Program Files\BillP Studios
2008-04-30 20:43:25 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\OnlineArmor(2)
2008-04-30 20:14:31 0 d------c- C:\Documents and Settings\Guest\Templates
2008-04-30 20:14:31 262144 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-04-30 20:14:31 0 d------c- C:\Documents and Settings\Guest\Local Settings
2008-04-30 20:14:31 0 d------c- C:\Documents and Settings\Guest\Cookies
2008-04-30 20:14:31 0 d------c- C:\Documents and Settings\Guest\Application Data
2008-04-30 20:14:31 0 d------c- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-04-30 19:56:27 0 d-------- C:\Program Files\Tall Emu
2008-04-30 19:54:33 0 d-------- C:\Program Files\Mozilla Firefox(2)
2008-04-30 19:54:12 0 d-------- C:\Program Files\Opera
2008-04-30 19:54:09 3145728 --a------ C:\Documents and Settings\phuqtoo\ntuser.dat
2008-04-30 19:54:09 229376 --a------ C:\Documents and Settings\NetworkService\ntuser.dat
2008-04-30 19:54:09 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-30 19:46:50 0 d------c- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-30 19:31:55 0 d------c- C:\Documents and Settings\All Users\Application Data\HP
2008-04-30 19:31:03 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-30 19:28:37 0 d-------- C:\Program Files\Common Files\HP
2008-04-30 19:27:52 0 d------c- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-30 19:27:15 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-30 19:26:15 0 d-------- C:\Program Files\HP
2008-04-30 19:24:43 2828 --a------ C:\WINDOWS\hphmdl15.dat
2008-04-30 19:24:43 137639 --a------ C:\WINDOWS\HPHins15.dat
2008-04-30 18:59:55 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-30 18:57:11 0 d--hs---- C:\WINDOWS\Installer
2008-04-30 18:57:08 0 d------c- C:\Documents and Settings\phuqtoo\Application Data\Identities
2008-04-30 18:56:56 0 d--h----- C:\Documents and Settings\phuqtoo\Templates
2008-04-30 18:56:56 0 dr------- C:\Documents and Settings\phuqtoo\Start Menu
2008-04-30 18:56:56 0 dr-h----- C:\Documents and Settings\phuqtoo\SendTo
2008-04-30 18:56:56 0 d--h----- C:\Documents and Settings\phuqtoo\PrintHood
2008-04-30 18:56:56 0 d--h----- C:\Documents and Settings\phuqtoo\NetHood
2008-04-30 18:56:56 0 dr------- C:\Documents and Settings\phuqtoo\My Documents
2008-04-30 18:56:56 0 d--h----- C:\Documents and Settings\phuqtoo\Local Settings
2008-04-30 18:56:56 0 dr------- C:\Documents and Settings\phuqtoo\Favorites
2008-04-30 18:56:56 0 d------c- C:\Documents and Settings\phuqtoo\Desktop
2008-04-30 18:56:56 0 d--hs--c- C:\Documents and Settings\phuqtoo\Cookies
2008-04-30 18:56:56 0 d--h---c- C:\Documents and Settings\phuqtoo\Application Data
2008-04-30 18:56:21 0 d--hs---- C:\System Volume Information
2008-04-30 18:56:19 0 d--h---c- C:\Documents and Settings\LocalService\Local Settings
2008-04-30 18:56:19 0 d--hs--c- C:\Documents and Settings\LocalService\Cookies
2008-04-30 18:56:19 0 d------c- C:\Documents and Settings\LocalService\Application Data
2008-04-30 18:56:19 0 d---s--c- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-30 18:56:18 0 d--h---c- C:\Documents and Settings\NetworkService\Local Settings
2008-04-30 18:56:18 0 d---s--c- C:\Documents and Settings\NetworkService\Cookies
2008-04-30 18:56:18 0 d------c- C:\Documents and Settings\NetworkService\Application Data
2008-04-30 18:56:18 0 d---s--c- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-30 18:52:43 0 d-------- C:\WINDOWS\system32\xircom
2008-04-30 18:52:43 0 d-------- C:\Program Files\microsoft frontpage
2008-04-30 18:52:27 266240 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-30 18:52:20 0 -rahs---- C:\MSDOS.SYS
2008-04-30 18:52:20 0 -rahs---- C:\IO.SYS
2008-04-30 18:52:20 0 --a------ C:\CONFIG.SYS
2008-04-30 18:52:20 0 --a------ C:\AUTOEXEC.BAT
2008-04-30 18:51:12 0 d--hs--c- C:\Documents and Settings\All Users\DRM
2008-04-30 18:51:00 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-30 18:51:00 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-30 18:50:27 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-30 18:49:51 0 d---s---- C:\WINDOWS\Tasks
2008-04-30 18:49:49 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-30 18:49:41 0 d-------- C:\WINDOWS\srchasst
2008-04-30 18:49:39 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-30 18:49:36 0 d-------- C:\Program Files\Movie Maker
2008-04-30 18:49:16 0 d-------- C:\WINDOWS\system32\Restore
2008-04-30 18:49:16 0 d-------- C:\WINDOWS\PCHealth
2008-04-30 18:48:24 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-30 18:48:06 0 d-------- C:\WINDOWS\Registration
2008-04-30 18:47:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-30 18:47:58 0 d-------- C:\Program Files\Online Services
2008-04-30 18:47:49 0 d-------- C:\Program Files\Messenger
2008-04-30 18:47:41 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-30 18:46:44 0 d-------- C:\Program Files\Windows NT
2008-04-30 18:46:36 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-30 18:46:35 0 d-------- C:\WINDOWS\system32\Com
2008-04-30 11:40:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-30 11:40:01 0 dr------- C:\Program Files
2008-04-30 11:40:01 0 d-------- C:\Program Files\Common Files
2008-04-30 11:40:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-30 11:39:38 0 d--h---c- C:\Documents and Settings\Default User\Templates
2008-04-30 11:39:38 0 dr-----c- C:\Documents and Settings\Default User\Start Menu
2008-04-30 11:39:38 0 dr-h---c- C:\Documents and Settings\Default User\Local Settings
2008-04-30 11:39:38 0 d--h---c- C:\Documents and Settings\All Users\Templates
2008-04-30 11:39:38 0 dr-----c- C:\Documents and Settings\All Users\Start Menu
2008-04-30 11:39:38 0 d------c- C:\Documents and Settings\All Users\Favorites
2008-04-30 11:39:38 0 dr-----c- C:\Documents and Settings\All Users\Documents
2008-04-30 11:39:38 0 d------c- C:\Documents and Settings\All Users\Desktop
2008-04-30 11:39:37 0 dr-h---c- C:\Documents and Settings\Default User\SendTo
2008-04-30 11:39:37 0 d--h---c- C:\Documents and Settings\Default User\Recent
2008-04-30 11:39:37 0 d--h---c- C:\Documents and Settings\Default User\PrintHood
2008-04-30 11:39:37 0 d--h---c- C:\Documents and Settings\Default User\NetHood
2008-04-30 11:39:37 0 d------c- C:\Documents and Settings\Default User\My Documents
2008-04-30 11:39:37 0 d------c- C:\Documents and Settings\Default User\Favorites
2008-04-30 11:39:37 0 d------c- C:\Documents and Settings\Default User\Desktop
2008-04-30 11:39:37 0 d--hs--c- C:\Documents and Settings\Default User\Cookies
2008-04-30 11:39:26 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-30 11:39:26 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-30 11:39:21 0 dr-h---c- C:\Documents and Settings\Default User\Application Data
2008-04-30 11:39:21 0 d---s--c- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-30 11:39:20 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-30 11:39:20 0 d---s--c- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-30 11:38:58 0 d-------- C:\Documents and Settings
2008-04-30 11:32:08 0 d-------- C:\WINDOWS
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\WinSxS
2008-04-30 11:32:08 0 dr------- C:\WINDOWS\Web
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\twain_32
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\wins
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\wbem
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\usmt
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\spool
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\Setup
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\ras
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\oobe
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\npp
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\mui
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\IME
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\ias
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\export
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\drivers
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-30 11:32:08 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\config
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\3076
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\2052
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1054
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1042
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1041
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1037
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1033
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1031
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1028
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system32\1025
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\system
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\security
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Resources
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\repair
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\mui
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\msapps
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\msagent
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Media
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\java
2008-04-30 11:32:08 0 d--h----- C:\WINDOWS\inf
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\ime
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Help
2008-04-30 11:32:08 0 dr--s---- C:\WINDOWS\Fonts
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Driver Cache
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Debug
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Cursors
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\Config
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\AppPatch
2008-04-30 11:32:08 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-30 11:39:37 62 --ahs---- C:\Documents and Settings\phuqtoo\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/11/2008 03:01 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/11/2008 03:01 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/20/2004 03:55 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/20/2004 03:51 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/01/2008 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/26/2008 10:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [12/17/2004 01:44 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/30/2008 9:18:59 PM]
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [10/28/2005 11:23:10 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc




-- End of Deckard's System Scanner: finished at 2008-05-25 00:01:00 ------------
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am
Top

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby Carolyn » May 27th, 2008, 7:09 am

Started a post in this thread in error :oops:
I will post further instructions here shortly....
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Top

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby Carolyn » May 27th, 2008, 11:47 am

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Your computer has less than the recommended amount of Memory (RAM) for running Windows XP You should consider adding additional Memory to the system.

Total Physical Memory: 248 MiB (512 MiB recommended).


Disable MS Defender until the computer is clean

Microsoft Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.


Let's begin cleaning your computer...

Step1:
Please re-enable all of the items you had disabled using Autoruns.
I see that you have used Sysinternal's Autoruns to disable a number of items on your computer - the details of those items are replaced by "AutorunsDisabled" in the HijackThis log. I need to see the details for those items in your logs. If necessary, we can disable them again later.

Step 2:
Open Notepad, paste the following code box contents into the text.
Code: Select all
sc stop "ETJ"
sc delete "ETJ"
sc stop "GFQMBW"
sc delete "GFQMBW"
sc stop "WRPU"
sc delete "WRPU"


Use Notepad's File, Save As to save it to your desktop as File type All Files (not as text file or it won't work), and file name FixSvc.bat
Exit Notepad and double click on FixSvc.bat
A Command window will flash on and off.

REBOOT your machine. Sign in to your usual account.


Step 3:

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O23 - Service: ETJ - Unknown owner - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\ETJ.exe (file missing)

    O23 - Service: GFQMBW - Unknown owner - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\GFQMBW.exe (file missing)

    O23 - Service: WRPU - Unknown owner - C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\WRPU.exe (file missing)

    O24 - Desktop Component 0: (no name) - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Step 4:

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

Code: Select all
C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\ETJ.exe
C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\GFQMBW.exe
C:\DOCUME~1\phuqtoo\LOCALS~1\Temp\WRPU.exe


Click on MoveIt! (2).

When done, click on Exit (3).

Note: If a file or folder can't be moved immediately, you may asked to restart your computer. Please choose Yes.

Please refer to this picture for using OTMoveIt.

Image

The log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Please post this log in your next reply.


Step 5:

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!


Step 6:

  1. Click here to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  2. Click on Scan your PC now.
  3. A new window will open.
  4. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable. option.
  5. Click on Free online scan.
  6. You will be prompted to install an ActiveX. Please allow it.
  7. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  8. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  9. The scan will start. It takes a while, please be patient.
  10. Once done, click on View Report.
  11. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.


Step 7:
Please post the following in your next reply:
  • The OTMoveIt2 log
  • The Panda report
  • and a fresh HijackThis log.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Top

Re: My Computer Seems to Have a Mind of I'ts Own

Unread postby NonSuch » June 1st, 2008, 3:17 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 534 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index