need help removing some nasty spyware

Discussion in 'General Software' started by cdawall, Sep 22, 2007.

  1. cdawall where the hell are my stars

    Joined:
    Jul 23, 2006
    Messages:
    20,668 (6.98/day)
    Thanks Received:
    2,981
    Location:
    some AF base
    i have winantivirus2007 that somehow snuck onto my drive when i let my little bro use my PC...perfect point to how no good deed goes unpunished


    anyone know how to kill this crap cause avast and spybot fail at it and mcafee isnt good for anything but a paperweight

    here is my log file off of hijackthis

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:43:54 PM, on 9/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\crusty.exe
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~3\PopUp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - C:\WINDOWS\system32\wvuvwuu.dll
    O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\mlrqenmj.dll
    O2 - BHO: (no name) - {E9D4EBA6-5C96-48EF-8217-941899ADC4FB} - C:\WINDOWS\system32\gebcd.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /T
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O20 - AppInit_DLLs:  C:\WINDOWS\System32\mshta.dll
    O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll
    O20 - Winlogon Notify: wincwg32 - wincwg32.dll (file missing)
    O20 - Winlogon Notify: wvuvwuu - C:\WINDOWS\SYSTEM32\wvuvwuu.dll
    O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    
    --
    End of file - 8678 bytes
    

    thanks to anyone who helps.....
  2. Namslas90 New Member

    Joined:
    Aug 27, 2006
    Messages:
    4,851 (1.66/day)
    Thanks Received:
    555
    Location:
    Earth
    Try MRT.
    cdawall says thanks.
  3. technicks

    technicks

    Joined:
    Apr 23, 2006
    Messages:
    3,560 (1.17/day)
    Thanks Received:
    257
    Location:
    Enschede, The Netherlands
    Send me your mail address. ;)

    I will try to help. :)
    cdawall says thanks.
  4. cdawall where the hell are my stars

    thanks

    and running mrt.exe right now ;)
    Last edited: Sep 25, 2007
  5. Ben Clarke

    Ben Clarke

    Joined:
    Aug 10, 2006
    Messages:
    4,403 (1.50/day)
    Thanks Received:
    152
    Location:
    England
    These are the registry keys created by it, if it helps...

    Hopefully that helps in removal.
    cdawall says thanks.
  6. cdawall where the hell are my stars

    anyone want to make that into a nice neat regedit file for me :D
  7. Ben Clarke

    That'd put them in, not take them out.
  8. Jimmy 2004

    Jimmy 2004 New Member

    Joined:
    Jan 15, 2005
    Messages:
    5,491 (1.56/day)
    Thanks Received:
    267
    Location:
    England
    You can make ones that delete I think, but I've never looked into it so don't know how I'm afraid. Might be very easy... Google should have the answer. :)

    I'm not an expert at HijackThis logs - if you went onto the software forums you'd probably get more help, the only thing I would recommend would be to try Spybot and Ad-Aware from safe mode and also give Windows Defender a go. And install SpywareBlaster for the future if you haven't already.
  9. Ben Clarke

    Hmm... gimme a minute then, I'll see if I can whip up a key that'll do it.
  10. Jimmy 2004

    Looks quite easy actually, just put a - in front of it.

    Take a look here if you want to read about .reg files.
    cdawall says thanks.
  11. Ben Clarke

    OK, I'm about to make the .reg file. Back up your important files now, I dunno how this works, so I dunno if there's values in those keys that Windows needs, so it might crash it. Here goes nothin, I'll make it now.
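
Added example, not part of the thread and not the file attached below: a Python generator for the deletion syntax described above, where a `[-key]` section removes the key and its whole subtree, with a guard for the worry that a listed key may hold data Windows needs. The key names in `SAMPLE` and the `PROTECTED` guard list are constructed assumptions.

```python
REG_HEADER = "Windows Registry Editor Version 5.00"

# regedit only accepts full hive names in .reg section headers.
HIVES = ("HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")

# Shared containers. "[-key]" deletes the key and every subkey, so these and
# all of their ancestors are refused (assumed guard list, not exhaustive).
PROTECTED = (
    r"HKEY_CLASSES_ROOT\CLSID",
    r"HKEY_CLASSES_ROOT\Interface",
    r"HKEY_CLASSES_ROOT\TypeLib",
    r"HKEY_CLASSES_ROOT\AppID",
    r"HKEY_CURRENT_USER\Software",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network",
)

def check_key(line):
    """Return (key, None) if the key may be deleted, else (None, reason)."""
    key = line.strip().rstrip("\\")
    hive = key.split("\\", 1)[0]
    if hive.upper() not in HIVES:
        return None, "does not start with a full hive name"
    if "\\" not in key:
        return None, "hive root"
    if any(h in key[len(hive):].upper() for h in HIVES):
        return None, "two paths fused onto one line"
    low = key.lower() + "\\"
    for p in PROTECTED:
        if (p.lower() + "\\").startswith(low):
            return None, "shared container or its ancestor: " + p
    return key, None

def build_delete_reg(lines):
    """Return (.reg text with CRLF line ends, [(rejected line, reason), ...])."""
    accepted, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        key, reason = check_key(line)
        if key is None:
            rejected.append((line.strip(), reason))
        elif key.lower() not in {k.lower() for k in accepted}:
            accepted.append(key)
    body = "".join("[-%s]\r\n\r\n" % k for k in accepted)
    return REG_HEADER + "\r\n\r\n" + body, rejected

# Constructed sample input: two product-specific keys, one shared container,
# one line where two paths ran together, one abbreviated hive name.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\ExampleRogueAV
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}
HKEY_CLASSES_ROOT\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleRogueAVHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
HKLM\SOFTWARE\ExampleRogueAV
""".splitlines()

if __name__ == "__main__":
    text, rejected = build_delete_reg(SAMPLE)
    print(text)
    for line, reason in rejected:
        print("REFUSED: %s (%s)" % (line, reason))
```

Export the affected keys from regedit before importing a file built this way, since an import cannot be undone from the .reg file itself.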
  12. HellasVagabond New Member

    Joined:
    Jan 19, 2007
    Messages:
    3,404 (1.22/day)
    Thanks Received:
    162
    Location:
    Athens , GREECE
    A good Anti-Malware should do the trick. Did you try Spyware Doctor?
    cdawall says thanks.
  13. Ben Clarke

    Here it is...

    Attached Files:

    cdawall says thanks.
  14. cdawall where the hell are my stars

    yeah i tried several of the big name ones

    adaware--died after 5mins
    s&d--found but could not remove even in safe mode
    mrt--still running
    mcafee--POS didnt find it at all
    ad doctor--found could not remove

    tried some lesser known ones as well story basically goes found could not delete

    all this cept mrt was done in safemode im going to give this a go in linux live if all else fails :D try and run in that you bastard program :p
  15. DRDNA

    DRDNA

    Joined:
    Feb 19, 2006
    Messages:
    4,778 (1.53/day)
    Thanks Received:
    566
    Location:
    New York
    Absolutely ...put it on another PC as a spare drive and scan it then install avgroot kit check to see for hidden installer
    cdawall says thanks.
  16. HellasVagabond New Member

    Did you try to get into safe mode and then do scans ?
  17. cdawall where the hell are my stars

    lol after all this im really tempted to do what i have needed to do since i got my 7800GS reformat and reinstall windows but i dont want to lose all the random crap i have and dont want to spend the time copying it to my other drive :nutkick: stupid windows why are you such a pain

  18. Ben Clarke

    lol... well, my reg attempt is always above, if you want to try that. And hey, if it screws up, it gives you the excuse to re-install Windows.
  19. cdawall where the hell are my stars

    lol im not that stupid i set a restore point before im going to attempt that currently im waiting for mrt to finish before i do the regedit
  20. HellasVagabond New Member

    I am sure that in safe mode you tried to end some services and tasks via the task manager prior to using the Anti-Virus/Malware...
  21. cdawall where the hell are my stars

    yes i ended everything that i knew wasnt supposed to be there which wasnt hard since there were very few programs running ;)
  22. Jimmy 2004

    Apparently it could be linked to something called Vundo.

    You should try post number four here and let us know how you get on.
    cdawall says thanks.
  23. Jimmy 2004

    Edit: try AVG Antispyware and A-Squared as well - they're both free and worth a try.
  24. cdawall where the hell are my stars

    that vundofix tool has found a ton of shit should be gone shortly then ill use hijackthis and bens regedit to make sure all the shits gone


    millions of thanks guys and ill post back once ive done all that stuffs :D:D:D:D:D
  25. HellasVagabond New Member

    Could it possibly be a rootkit ?