Help - Search - Members
Full Version: I AM SO INFECTED.
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
happywon
Feb 10 2008, 01:43 AM
Hi I did the hijack file and was hoping someone could help me. Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:07 PM, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Bell\Security Manager\Fws.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\system32\CTsvcCDA.EXE
G:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
G:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
G:\Program Files\Raxco\PerfectDisk\PDAgent.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\MsPMSPSv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Raxco\PerfectDisk\PDEngine.exe
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\Program Files\Bell\Security Manager\Rps.exe
G:\WINDOWS\system32\igfxtray.exe
G:\WINDOWS\system32\hkcmd.exe
C:\program files\Winamp\winampa.exe
G:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\PC Tools AntiVirus\PCTAV.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Outlook Express\msimn.exe
G:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program FilesE\Skype\Phone\Skype.exe
G:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
G:\Program Files\Bell\Security Manager\rpsupdaterR.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~2\WINZIP\winzip32.exe
C:\unzipped\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {132E4218-F960-4E17-B3F6-0F05431D81C6} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - G:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - G:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - G:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - G:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - G:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: edfqvrw - {AB41490A-2B8A-414F-BFFB-D3527364EE25} - (no file)
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AHQInit] G:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Sympatico Security Manager] "G:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "G:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [OneCareUI] "G:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] G:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] G:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\program files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AntivirusProtection] G:\Program Files\Antivirus Protection\antivirusprotection.exe /scanstartup
O4 - HKLM\..\Run: [PCTAVApp] "G:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Outlook Express] G:\Program Files\Outlook Express\msimn.exe
O4 - HKCU\..\Run: [xdlapxpdi] g:\documents and settings\valrena\local settings\application data\xdlapxpdi.exe xdlapxpdi
O4 - HKCU\..\Run: [RoboForm] "G:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program FilesE\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] G:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://G:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///G:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194536623484
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgam...mesLauncher.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/pharaohssoli...zylomplayer.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///G:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: bfrgnos - {95975A2D-25F7-4578-844D-E1C99FE33796} - (no file)
O21 - SSODL: afxlspw - {F106DDFC-C4E8-4EDD-9DEC-0F5D9978C977} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - G:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - G:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - G:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - G:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - G:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - G:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: Privacy Protection - file:///G:\WINDOWS\privacy_danger\index.htm

--
End of file - 16628 bytes

Thank you so much in advance.
Not so happywon. sad.gif
rridgely
Feb 10 2008, 02:09 AM
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
happywon
Feb 10 2008, 06:49 AM
THANK YOU THANK YOU THANK YOU. I have my desktop pictures back. And it was so easy with your instructions. Did any one ever tell you you should be on a tech forum or something. Your kinda smart that way lol
Below are my second highjack files and Sd files. Thank you so much again.

SDFix: Version 1.139

Run by Valrena on 10/02/2008 at 01:07 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: G:\DOCUME~1\Valrena\Desktop\Fixer\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

G:\Documents and Settings\Valrena\Favorites\Error Cleaner.url - Deleted
G:\Documents and Settings\Valrena\Favorites\Privacy Protector.url - Deleted
G:\Documents and Settings\Valrena\Favorites\Spyware&Malware Protection.url - Deleted
G:\WINDOWS\dat.txt - Deleted
G:\WINDOWS\search_res.txt - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 01:21:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="G:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"G:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="G:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"G:\\Program Files\\Messenger\\msmsgs.exe"="G:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\program files\\dwyco2\\cdc32.exe"="C:\\program files\\dwyco2\\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP"
"G:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="G:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"G:\\Program Files\\Common Files\\AOL\\1190681978\\ee\\aolsoftware.exe"="G:\\Program Files\\Common Files\\AOL\\1190681978\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"G:\\Program Files\\Common Files\\AOL\\1190681978\\ee\\aim6.exe"="G:\\Program Files\\Common Files\\AOL\\1190681978\\ee\\aim6.exe:*:Enabled:AIM"
"G:\\Program Files\\Internet Explorer\\iexplore.exe"="G:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"G:\\WINDOWS\\system32\\mmc.exe"="G:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"G:\\Program Files\\iTunes\\iTunes.exe"="G:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="G:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"G:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="G:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"G:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="G:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="G:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"G:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="G:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"G:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="G:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"G:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="G:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"G:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="G:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Program FilesE\\Skype\\Phone\\Skype.exe"="D:\\Program FilesE\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="G:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - G:\DOCUME~1\Valrena\Desktop\Fixer\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 29 Jul 2007 4,348 A.SH. --- "G:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 7 Aug 2007 0 A.SH. --- "G:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 24 Jan 2008 0 A..H. --- "G:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT5E.tmp"
Sun 29 Jul 2007 4,348 ...H. --- "G:\Documents and Settings\Jacob\My Documents\My Music\License Backup\drmv1key.bak"
Sun 29 Jul 2007 20 A..H. --- "G:\Documents and Settings\Jacob\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 5 May 2007 312 ...H. --- "G:\Documents and Settings\Jacob\My Documents\My Music\License Backup\drmv2key.bak"
Sun 29 Jul 2007 1,536 A..H. --- "G:\Documents and Settings\Jacob\My Documents\My Music\License Backup\drmv2lic.bak"
Sun 6 Feb 2000 69,632 A..H. --- "G:\Documents and Settings\Valrena\My Documents\eGames\Tile Blazer Special Edition\WCSUP.DLL"
Thu 27 Dec 2007 8 A..H. --- "G:\Documents and Settings\All Users\Application Data\Microsoft\OC(4)\Channels(2)\ch1(2)\lock.tmp"
Thu 27 Dec 2007 8 A..H. --- "G:\Documents and Settings\All Users\Application Data\Microsoft\OC(4)\Channels(2)\ch2(2)\lock.tmp"
Sun 23 Dec 2007 8 A..H. --- "G:\Documents and Settings\All Users\Application Data\Microsoft\OC(4)\Channels(2)\ch3(2)\lock.tmp"
Thu 27 Dec 2007 8 A..H. --- "G:\Documents and Settings\All Users\Application Data\Microsoft\OC(4)\Channels(2)\ch4(2)\lock.tmp"
Sun 23 Dec 2007 8 A..H. --- "G:\Documents and Settings\All Users\Application Data\Microsoft\OC(4)\Channels(2)\ch5(2)\lock.tmp"

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:44 AM, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Bell\Security Manager\Fws.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\system32\CTsvcCDA.EXE
G:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
G:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
G:\Program Files\Raxco\PerfectDisk\PDAgent.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\MsPMSPSv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Raxco\PerfectDisk\PDEngine.exe
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Bell\Security Manager\Rps.exe
G:\WINDOWS\system32\igfxtray.exe
G:\WINDOWS\system32\hkcmd.exe
C:\program files\Winamp\winampa.exe
G:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\Program Files\PC Tools AntiVirus\PCTAV.exe
G:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\Program Files\Bell\Security Manager\rpsupdaterR.exe
G:\Program Files\Windows Defender\MSASCui.exe
G:\Program Files\Outlook Express\msimn.exe
G:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
G:\Program Files\Messenger\msmsgs.exe
D:\Program FilesE\Skype\Phone\Skype.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\PROGRA~2\WINZIP\winzip32.exe
G:\Documents and Settings\Valrena\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {132E4218-F960-4E17-B3F6-0F05431D81C6} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - G:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - G:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - G:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - G:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - G:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: edfqvrw - {AB41490A-2B8A-414F-BFFB-D3527364EE25} - (no file)
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AHQInit] G:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Sympatico Security Manager] "G:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "G:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] G:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] G:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\program files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCTAVApp] "G:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Outlook Express] G:\Program Files\Outlook Express\msimn.exe
O4 - HKCU\..\Run: [RoboForm] "G:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program FilesE\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: &Windows Live Search - res://G:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Customize Menu - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://G:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: g:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: g:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: g:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///G:/Program%20Files/Christmasville/Images/stg_drm.ocx
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194536623484
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/realarcade-webgam...mesLauncher.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/pharaohssoli...zylomplayer.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...6/heartbeat.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///G:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - G:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - G:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - G:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - G:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - G:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Radialpoint Inc. - G:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - G:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

laugh.gif A very happy happywon.
Thanks again
rridgely
Feb 10 2008, 04:48 PM
You have multiple Antivirus programs installed. You need to decided which one to keep and get rid of the other.(personally I would keep AVG)

Open hijackthis and run a system scan. Then check off the following entries:

O3 - Toolbar: edfqvrw - {AB41490A-2B8A-414F-BFFB-D3527364EE25} - (no file)
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU

Press "fix checked" and then exit hijackthis.

-------------

Download Superantispyware
  1. Load Superantispyware and click the check for updates button.
  2. Once the update is finished click the scan your computer button.
  3. Check Perform Complete Scan and then next.
  4. Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  5. Make sure that they all have a check next to them and press next.
  6. Click finish and you will be taken back to the main interface.
  7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  8. Copy and paste the log onto the forum.


Post a superantispyware log with a new hijackthis log.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.