B.skitodayplease, a.doginhispen, 88.80.7.66

Status
Not open for further replies.

fancyrat

Hi, these have been on my computer for a couple weeks now and I can't get rid of them. They keep closing my IE windows and minimizing full screen applications periodically. I've posted on other forums and no one has yet attempted to help me after several days. I would post my HJT log, but it won't let me post links.

 
Hi fancyrat,

Please download and run SmitFraudfix, make sure you follow the instructions on the download page.

--------------------------------------------------------------------

Download the ATF cleaner programme and save it to your desktop.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Reboot into normal mode.
-------------------------------------------------------------------------------------------------------
Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and pressing Enter.
When the tool has completed, a report will open up in notepad.

Post the log file created in your next post.

This thread is for the use of fancyrat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks for the quick response and help first of all. I did everything you said thus far and here is the report:


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 03/09/2008
The current time is: 15:36:34.10


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 02:00 AM 90,112 UpdReg.EXE
12/05/2006 04:38 PM 707,360 vVX3000.exe
2 File(s) 797,472 bytes

Directory of C:\PROGRA~1\DOWNLO~1\BAK

03/05/2007 02:57 PM 1,103,480 DLM.exe
1 File(s) 1,103,480 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

01/12/2007 06:48 PM 275,800 LifeExp.exe
1 File(s) 275,800 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

03/08/2008 12:21 PM 14,348 qttask.exe
1 File(s) 14,348 bytes

Directory of C:\PROGRA~1\SPYBOT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\TELUS_~1\BAK

01/24/2007 02:55 PM 1,007,720 eCareTrayApp.exe
1 File(s) 1,007,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

02/28/2006 05:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\AMD\DUAL-C~1\BAK

11/17/2006 05:49 PM 77,824 amd_dc_opt.exe
1 File(s) 77,824 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

09/10/2002 10:26 PM 368,706 CFD.exe
1 File(s) 368,706 bytes

Directory of C:\PROGRA~1\GAMESPY\COMRADE\BAK

06/29/2007 04:03 PM 36,864 Comrade.exe
1 File(s) 36,864 bytes

Directory of C:\PROGRA~1\IGN\DOWNLO~1\BAK

03/05/2007 01:57 PM 1,103,480 dlm.exe
1 File(s) 1,103,480 bytes

Directory of C:\PROGRA~1\IRIVER\IRIVER~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK\BAK

09/01/2006 04:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes


02/18/2007 08:21 PM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 08:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\BAK

11/10/2006 01:35 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\CREATIVE\SBLIVE\PROGRAM\BAK

11/29/2001 02:00 AM 28,672 ADGJDet.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

03/14/2007 03:43 AM 83,608 jusched.exe
1 File(s) 83,608 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

02/22/2008 05:25 AM 144,784 jusched.exe
1 File(s) 144,784 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Mar 8 2008 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
14348 Mar 8 2008 "C:\WINDOWS\vVX3000.exe"
707360 Dec 5 2006 "C:\WINDOWS\bak\vVX3000.exe"
707360 Dec 5 2006 "C:\Program Files\Microsoft LifeCam\Driver32\VX3000\vVX3000.exe"
707360 Dec 5 2006 "C:\WINDOWS\system32\DRVSTORE\VX3000_0433D7FB800BA3CD73AE2E16AC2F9C4C9B45C2DE\vVX3000.exe"
14348 Mar 8 2008 "C:\Program Files\Download Manager\DLM.exe"
1103480 Mar 5 2007 "C:\Program Files\Download Manager\bak\DLM.exe"
1103480 Mar 5 2007 "C:\Program Files\IGN\Download Manager\bak\dlm.exe"
14348 Mar 8 2008 "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
275800 Jan 12 2007 "C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
2097488 Jan 28 2008 "C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
14348 Mar 8 2008 "C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe"
1007720 Jan 24 2007 "C:\Program Files\TELUS_eCare_Lite\bak\eCareTrayApp.exe"
15360 Feb 28 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 Feb 28 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Mar 8 2008 "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
77824 Nov 17 2006 "C:\Program Files\AMD\Dual-Core Optimizer\bak\amd_dc_opt.exe"
14348 Mar 8 2008 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
14348 Mar 8 2008 "C:\Program Files\GameSpy\Comrade\Comrade.exe"
36864 Jun 29 2007 "C:\Program Files\GameSpy\Comrade\bak\Comrade.exe"
14348 Mar 8 2008 "C:\Program Files\Download Manager\DLM.exe"
1103480 Mar 5 2007 "C:\Program Files\Download Manager\bak\DLM.exe"
1103480 Mar 5 2007 "C:\Program Files\IGN\Download Manager\bak\dlm.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 Feb 18 2007 "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
14348 Mar 8 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
14348 Mar 8 2008 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
90112 Nov 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
14348 Mar 8 2008 "C:\Program Files\Creative\SBLive\Program\ADGJDet.exe"
28672 Nov 29 2001 "C:\Program Files\Creative\SBLive\Program\bak\ADGJDet.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
14348 Mar 8 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\bak\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
14348 Mar 8 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\bak\jusched.exe"


end of report
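
In the report above, many executables in their normal locations share one size (14348 bytes) while a differently sized copy sits in a `bak` subfolder beside them. The following Python sketch is an added example, not part of the original thread and not FindAWF's own code: it parses lines in the format of the "Duplicate files" section and lists each file whose size differs from the copy in its `bak` folder. The function names are hypothetical and the sample is a handful of lines copied from the report.

```python
import ntpath
import re
from collections import Counter

# Sample input: a few lines copied from the "Duplicate files" section above.
SAMPLE = r'''
14348 Mar 8 2008 "C:\WINDOWS\UpdReg.EXE"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"
15360 Feb 28 2006 "C:\WINDOWS\system32\ctfmon.exe"
15360 Feb 28 2006 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
14348 Mar 8 2008 "C:\Program Files\GameSpy\Comrade\Comrade.exe"
36864 Jun 29 2007 "C:\Program Files\GameSpy\Comrade\bak\Comrade.exe"
'''

# size, date (Mon D YYYY), quoted path
LINE = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse(report):
    """Return {lowercased path: (size, date, path as written)}.

    The report repeats some lines; keying on the path collapses the repeats.
    """
    entries = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def find_replaced(entries):
    """Pair every file inside a bak folder with the same-named file one level
    up and report the pairs whose sizes differ."""
    hits = []
    for key, (bak_size, _, bak_path) in entries.items():
        folder, name = ntpath.split(key)
        if ntpath.basename(folder) != "bak":
            continue
        live = entries.get(ntpath.join(ntpath.dirname(folder), name))
        if live and live[0] != bak_size:
            hits.append({"live": live[2], "live_size": live[0],
                         "bak": bak_path, "bak_size": bak_size})
    return hits


def common_live_size(hits):
    """Most frequent size among the flagged files, with its count."""
    counts = Counter(h["live_size"] for h in hits)
    return counts.most_common(1)[0] if counts else None


if __name__ == "__main__":
    flagged = find_replaced(parse(SAMPLE))
    for h in flagged:
        print(f'{h["live"]} ({h["live_size"]} bytes) differs from '
              f'{h["bak"]} ({h["bak_size"]} bytes)')
    print("most common flagged size:", common_live_size(flagged))
```

Note that `ctfmon.exe` is not flagged because both copies are the same size, and that the nested `bak\bak` folder is handled by the same one-level-up pairing.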
 
Double-click FindAWF.exe to start the tool. Then, do the following:
Select "option #2 - Restore files from bak folders" by typing 2 and pressing Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

Just make sure to paste it below the line.
It may take a few minutes to complete, so please be patient.

"C:\WINDOWS\bak\UpdReg.EXE"
"C:\WINDOWS\bak\vVX3000.exe"
"C:\Program Files\Download Manager\bak\DLM.exe"
"C:\Program Files\IGN\Download Manager\bak\dlm.exe"
"C:\Program Files\Microsoft LifeCam\bak\LifeExp.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\QuickTime\bak\bak\qttask.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\QuickTime\bak\bak\qttask.exe"
"C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
"C:\Program Files\TELUS_eCare_Lite\bak\eCareTrayApp.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\AMD\Dual-Core Optimizer\bak\amd_dc_opt.exe"
"C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
"C:\Program Files\GameSpy\Comrade\bak\Comrade.exe"
"C:\Program Files\Download Manager\bak\DLM.exe"
"C:\Program Files\IGN\Download Manager\bak\dlm.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\QuickTime\bak\bak\qttask.exe"
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak\CLIStart.exe"
"C:\Program Files\Creative\SBLive\Program\bak\ADGJDet.exe"
"C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
"C:\Program Files\Java\jre1.6.0_05\bin\bak\jusched.exe"
"C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
"C:\Program Files\Java\jre1.6.0_05\bin\bak\jusched.exe"

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.
 
Ok then,

Please double-click the FindAWF icon once again.

Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed: Again scroll down the file to where it says START HERE.

C:\WINDOWS\bak
C:\Program Files\Download Manager\bak
C:\Program Files\IGN\Download Manager\bak
C:\Program Files\Microsoft LifeCam\bak
C:\Program Files\QuickTime\bak
C:\Program Files\QuickTime\bak\bak
C:\Program Files\Spybot - Search & Destroy\bak
C:\Program Files\TELUS_eCare_Lite\bak
C:\WINDOWS\system32\bak
C:\Program Files\AMD\Dual-Core Optimizer\bak
C:\Program Files\BroadJump\Client Foundation\bak
C:\Program Files\GameSpy\Comrade\bak
C:\Program Files\Download Manager\bak
C:\Program Files\IGN\Download Manager\bak
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\bak
C:\Program Files\Creative\SBLive\Program\bak
C:\Program Files\Java\jre1.6.0_01\bin\bak
C:\Program Files\Java\jre1.6.0_05\bin\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log. Post the new log as an attachment.

Also disable the Spybot real-time monitoring by using the advanced options in Spybot.
 
Double-click FindAWF.exe to start the tool. Then, do the following:
Select "option #2 - Restore files from bak folders" by typing 2 and pressing Enter.
A text file will open up. Please copy/paste the following text from the quote box (all except the word QUOTE) into the text file.

Just make sure to paste it below the line.
It may take a few minutes to complete, so please be patient.

"C:\Program Files\QuickTime\bak\bak\qttask.exe"
"C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
"C:\Program Files\QuickTime\bak\bak\qttask.exe"
"C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"

Close the .txt file and click Yes to save the changes.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt in your next reply as an attachment.

Hopefully nearly there.
 
Ok then,

For real-time monitoring in Spybot, open Spybot, go to TOOLS, then go to RESIDENT and uncheck resident 'teatimer'.

Please double-click the FindAWF icon once again.

Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed: Again scroll down the file to where it says START HERE.

C:\Program Files\QuickTime\bak\bak
C:\Program Files\Spybot - Search & Destroy\bak
C:\Program Files\Java\jre1.6.0_01\bin\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log. Post the new log as an attachment.
 
Ok, I found it, thanks. Teatimer is disabled, and here are the latest results. I have to go for a while right now but I'll be back in an hour or two and I'll get back to this whenever I find you're available again. Thanks again for your help so far.
 
You might want to copy these instructions down.

Boot into safe mode. See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

Double-click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok to disable.

Quicktime
Spybot resident protection


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

Tea timer and quicktime

Locate and delete the following bold folders (if there).

C:\Program Files\QuickTime\bak\bak
C:\Program Files\Spybot - Search & Destroy\bak


Reboot into normal mode and rehide your protected OS files.

Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and pressing Enter.
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

Please post a HijackThis log as well.
 
Ok, everything is done yet again, awf is attached and here is HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:01 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iPlusAgent2] "C:\Program Files\iriver\iriver plus 2\iAgent2.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tumerok.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188186832093
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6249 bytes
 
Run FindAWF again and select option 4, choosing to continue to reset the Internet Zones. Select the Exit option when complete.

You also need to get a firewall and antivirus immediately.

Have HJT fix this entry,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Do you know this?
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe

If not fix it too.

Also you should navigate to the HJT folder and rename the .exe file as crusty.exe.

After you have done that and gotten an antivirus and firewall please post back with a new HJT log as an attachment.
 
All is done and HJT log attached. I downloaded the AVG free edition antivirus. Comrade is 'Gamespy Comrade', some buddy program that installed with Crysis. I un-installed it because I don't use it anyhow.
 
I have been problem free now since Sunday thanks to your help. I chose to download the Online Armor firewall. It seems good so far. Telus e-care is some ISP assistance program I've never used so is now gone as well.
 
To create a clean restore point,

Turn off System Restore (XP). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Hope that everything works out ok for you and if there are any problems then post back in this thread.

Kritius
 