TechSpot

B.skitodayplease, a.doginhispen, 88.80.7.66

By fancyrat
Mar 9, 2008
  1. Hi, these have been on my computer for a couple of weeks now and I can't get rid of them. They keep closing my IE windows and minimizing full-screen applications periodically. I've posted on other forums and no one has yet attempted to help me after several days. I would post my HJT log, but it won't let me post links.

     
  2. kritius

    kritius TS Guru Posts: 2,084

    Hi fancyrat,

    Please download and run SmitFraudfix, make sure you follow the instructions on the download page.

    --------------------------------------------------------------------

    Download the ATF cleaner programme and save it to your desktop.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Reboot into normal mode.
    -------------------------------------------------------------------------------------------------------
    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad.

    Post the log file created in your next post.

    This thread is for the use of fancyrat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. fancyrat

    fancyrat TS Rookie Topic Starter

    Thanks for the quick response and help first of all. I did everything you said thus far and here is the report:


    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Sun 03/09/2008
    The current time is: 15:36:34.10


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    05/11/2000 02:00 AM 90,112 UpdReg.EXE
    12/05/2006 04:38 PM 707,360 vVX3000.exe
    2 File(s) 797,472 bytes

    Directory of C:\PROGRA~1\DOWNLO~1\BAK

    03/05/2007 02:57 PM 1,103,480 DLM.exe
    1 File(s) 1,103,480 bytes

    Directory of C:\PROGRA~1\MICROS~2\BAK

    01/12/2007 06:48 PM 275,800 LifeExp.exe
    1 File(s) 275,800 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    03/08/2008 12:21 PM 14,348 qttask.exe
    1 File(s) 14,348 bytes

    Directory of C:\PROGRA~1\SPYBOT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\TELUS_~1\BAK

    01/24/2007 02:55 PM 1,007,720 eCareTrayApp.exe
    1 File(s) 1,007,720 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    02/28/2006 05:00 AM 15,360 ctfmon.exe
    1 File(s) 15,360 bytes

    Directory of C:\PROGRA~1\AMD\DUAL-C~1\BAK

    11/17/2006 05:49 PM 77,824 amd_dc_opt.exe
    1 File(s) 77,824 bytes

    Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

    09/10/2002 10:26 PM 368,706 CFD.exe
    1 File(s) 368,706 bytes

    Directory of C:\PROGRA~1\GAMESPY\COMRADE\BAK

    06/29/2007 04:03 PM 36,864 Comrade.exe
    1 File(s) 36,864 bytes

    Directory of C:\PROGRA~1\IGN\DOWNLO~1\BAK

    03/05/2007 01:57 PM 1,103,480 dlm.exe
    1 File(s) 1,103,480 bytes

    Directory of C:\PROGRA~1\IRIVER\IRIVER~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK\BAK

    09/01/2006 04:57 PM 282,624 qttask.exe
    1 File(s) 282,624 bytes


    02/18/2007 08:21 PM 684,032 DirectCD.exe
    1 File(s) 684,032 bytes

    Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

    10/10/2007 08:51 PM 39,792 Reader_sl.exe
    1 File(s) 39,792 bytes

    Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\BAK

    11/10/2006 01:35 PM 90,112 CLIStart.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\CREATIVE\SBLIVE\PROGRAM\BAK

    11/29/2001 02:00 AM 28,672 ADGJDet.exe
    1 File(s) 28,672 bytes

    Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

    03/14/2007 03:43 AM 83,608 jusched.exe
    1 File(s) 83,608 bytes

    Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

    02/22/2008 05:25 AM 144,784 jusched.exe
    1 File(s) 144,784 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    14348 Mar 8 2008 "C:\WINDOWS\UpdReg.EXE"
    90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
    14348 Mar 8 2008 "C:\WINDOWS\vVX3000.exe"
    707360 Dec 5 2006 "C:\WINDOWS\bak\vVX3000.exe"
    707360 Dec 5 2006 "C:\Program Files\Microsoft LifeCam\Driver32\VX3000\vVX3000.exe"
    707360 Dec 5 2006 "C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\vVX3000.exe"
    14348 Mar 8 2008 "C:\Program Files\Download Manager\DLM.exe"
    1103480 Mar 5 2007 "C:\Program Files\Download Manager\bak\DLM.exe"
    1103480 Mar 5 2007 "C:\Program Files\IGN\Download Manager\bak\dlm.exe"
    14348 Mar 8 2008 "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    275800 Jan 12 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
    14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
    14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
    282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
    14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
    14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
    282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
    14348 Mar 8 2008 "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    2097488 Jan 28 2008 "C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
    14348 Mar 8 2008 "C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe"
    1007720 Jan 24 2007 "C:\Program Files\TELUS_eCare_Lite\bak\eCareTrayApp.exe"
    15360 Feb 28 2006 "C:\WINDOWS\system32\ctfmon.exe"
    15360 Feb 28 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
    14348 Mar 8 2008 "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
    77824 Nov 17 2006 "C:\Program Files\AMD\Dual-Core Optimizer\bak\amd_dc_opt.exe"
    14348 Mar 8 2008 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
    368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
    14348 Mar 8 2008 "C:\Program Files\GameSpy\Comrade\Comrade.exe"
    36864 Jun 29 2007 "C:\Program Files\GameSpy\Comrade\bak\Comrade.exe"
    14348 Mar 8 2008 "C:\Program Files\Download Manager\DLM.exe"
    1103480 Mar 5 2007 "C:\Program Files\Download Manager\bak\DLM.exe"
    1103480 Mar 5 2007 "C:\Program Files\IGN\Download Manager\bak\dlm.exe"
    14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
    14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
    282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
    14348 Mar 8 2008 "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    684032 Feb 18 2007 "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
    14348 Mar 8 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
    14348 Mar 8 2008 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
    14348 Mar 8 2008 "C:\Program Files\Creative\SBLive\Program\ADGJDet.exe"
    28672 Nov 29 2001 "C:\Program Files\Creative\SBLive\Program\bak\ADGJDet.exe"
    49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    14348 Mar 8 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
    144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\bak\jusched.exe"
    49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    14348 Mar 8 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
    144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\bak\jusched.exe"


    end of report
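
In the report above, many unrelated programs have a current copy of 14348 bytes while the copy in a bak folder has a different size. The following is an added example, not part of the thread and not FindAWF's own code: it parses lines in that format, pairs each bak file with the file one level up, and reports the size shared by the mismatched current copies. The sample lines are copied from the report; the function names are assumptions of this example.

```python
import re
from collections import Counter
from ntpath import basename, dirname, join, normcase  # Windows path rules on any OS

# Lines copied from the "Duplicate files of bak directory contents" section above.
SAMPLE = r'''
14348 Mar 8 2008 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
14348 Mar 8 2008 "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
275800 Jan 12 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
15360 Feb 28 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 Feb 28 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\GameSpy\Comrade\Comrade.exe"
36864 Jun 29 2007 "C:\Program Files\GameSpy\Comrade\bak\Comrade.exe"
'''

# One report line: size in bytes, date, quoted full path.
LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse(report):
    """Map each case-normalised path to (size, date, path as printed)."""
    entries = {}
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[normcase(m.group(3))] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def replaced_pairs(entries):
    """Pair every file inside a 'bak' folder with the same name one level up.

    Returns (current_path, current_size, bak_path, bak_size) for pairs whose
    sizes differ. A copy in a nested bak folder is paired with the bak copy
    directly above it, so a bak file that was itself replaced is also caught.
    """
    pairs = []
    for bak_size, _date, bak_path in entries.values():
        folder = dirname(bak_path)
        if normcase(basename(folder)) != "bak":
            continue  # not a backup copy
        current = entries.get(normcase(join(dirname(folder), basename(bak_path))))
        if current and current[0] != bak_size:
            pairs.append((current[2], current[0], bak_path, bak_size))
    return pairs


def common_stub_size(pairs, min_hits=3):
    """Size shared by at least min_hits mismatched current copies, else None."""
    counts = Counter(current_size for _, current_size, _, _ in pairs)
    if not counts:
        return None
    size, hits = counts.most_common(1)[0]
    return size if hits >= min_hits else None


if __name__ == "__main__":
    found = replaced_pairs(parse(SAMPLE))
    for cur, cur_size, bak, bak_size in found:
        print(f"{cur} ({cur_size} bytes) <- original in {bak} ({bak_size} bytes)")
    print("shared size of current copies:", common_stub_size(found))
```
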
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Double-click FindAWF.exe to start the tool. Then, do the following
    Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
    A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

    Just make sure to paste it below the line.
    It may take a few minutes to complete, so please be patient.

    Close the .txt file and click Yes to save the changes.
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.
     
  5. fancyrat

    fancyrat TS Rookie Topic Starter

    OK, it's done. I attached the results.
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Ok then,

    Please double-click the FindAWF icon once again.

    Use the following option: Press 3 then Enter to remove bak folders

    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed: Again scroll down the file to where it says START HERE.


    Next, close and click Yes to save the changes.

    When done with the above, FindAWF automatically runs a new scan and opens a new log. Post the new log as an attachment.

    Also disable the Spybot realtime monitoring by using the advanced options in spybot.
     
  7. fancyrat

    fancyrat TS Rookie Topic Starter

    Done, results attached.
     
  8. kritius

    kritius TS Guru Posts: 2,084

    Double-click FindAWF.exe to start the tool. Then, do the following
    Select "option #2 - Restore files from bak folders" by typing 2 and press Enter .
    A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

    Just make sure to paste it below the line.
    It may take a few minutes to complete, so please be patient.

    Close the .txt file and click Yes to save the changes.
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

    Hopefully nearly there.
     
  9. fancyrat

    fancyrat TS Rookie Topic Starter

    Attached results. Also, I'm having some trouble locating the realtime monitoring setting in Spybot.
     
  10. kritius

    kritius TS Guru Posts: 2,084

    Ok then,

    For real-time monitoring in Spybot, open Spybot, go to TOOLS, then go to RESIDENT and uncheck resident 'teatimer'.

    Please double-click the FindAWF icon once again.

    Use the following option: Press 3 then Enter to remove bak folders

    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed: Again scroll down the file to where it says START HERE.


    Next, close and click Yes to save the changes.

    When done with the above, FindAWF automatically runs a new scan and opens a new log. Post the new log as an attachment.
     
  11. fancyrat

    fancyrat TS Rookie Topic Starter

    OK, I found it, thanks. TeaTimer is disabled, and here are the latest results. I have to go for a while right now, but I'll be back in an hour or two and I'll get back to this whenever I find you're available again. Thanks again for your help so far.
     
  12. kritius

    kritius TS Guru Posts: 2,084

    You might want to copy these instructions down.

    Boot into safe mode. See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    Double-click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok to disable.

    Quicktime
    Spybot resident protection


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there)

    Tea timer and quicktime

    Locate and delete the following bold folders (if there).

    C:\Program Files\QuickTime\bak\bak
    C:\Program Files\Spybot - Search & Destroy\bak


    Reboot into normal mode and rehide your protected OS files.

    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

    Please post a HijackThis log as well.
     
  13. fancyrat

    fancyrat TS Rookie Topic Starter

    Ok, everything is done yet again, awf is attached and here is HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:43:01 PM, on 3/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [iPlusAgent2] "C:\Program Files\iriver\iriver plus 2\iAgent2.exe"
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tumerok.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188186832093
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6249 bytes
     
  14. kritius

    kritius TS Guru Posts: 2,084

    Run FindAWF again and select option 4, choosing to continue to reset the Internet Zones. Select the Exit option when complete.

    You also need to get a firewall and antivirus immediately.

    Have HJT fix this entry,
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Do you know this?
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe

    If not, fix it too.

    Also you should navigate to the HJT folder and rename the .exe file as crusty.exe.

    After you have done that and gotten an antivirus and firewall please post back with a new HJT log as an attachment.
     
  15. fancyrat

    fancyrat TS Rookie Topic Starter

    All is done and HJT log attached. I downloaded the AVG free edition antivirus. Comrade is 'Gamespy Comrade', some buddy program that installed with Crysis. I uninstalled it because I don't use it anyhow.
     
  16. kritius

    kritius TS Guru Posts: 2,084

    You really should get a firewall as well, either,

    Apart from that your logs are looking a lot better.

    I take it you know what TELUS_eCare_Lite is?

    Are you still clear of problems?
     
  17. fancyrat

    fancyrat TS Rookie Topic Starter

    I have been problem-free now since Sunday thanks to your help. I chose to download the Online Armor firewall. It seems good so far. Telus e-care is some ISP assistance program I've never used, so it is now gone as well.
     
  18. kritius

    kritius TS Guru Posts: 2,084

    To create a clean restore point,

    Turn off system restore (XP). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Hope that everything works out ok for you and if there are any problems then post back in this thread.

    Kritius
     
Topic Status:
Not open for further replies.