1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HELP!! hijack this log inside.

Discussion in 'Windows - Virus and spyware problems' started by PiedPiper, Jan 25, 2006.

  1. PiedPiper

    PiedPiper Member

    Joined:
    Jan 25, 2006
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    Could some please have a look at this log for me and tell me what to delete. Normally i can work out myself how to stop the popups nd stuff, but cant this time!!
    Also when i press control, alt and delete the task manager does not appear! What could be causing this?!
    Any help would be greatly appreciated
    Thanks in advance
    Dan

    HiJack This Log :

    Logfile of HijackThis v1.99.1
    Scan saved at 22:08:24, on 25/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\winupdates\winupdates.exe
    C:\windows\winsysban3.exe
    C:\WINDOWS\newfrn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\VCClient\VCClient.exe
    C:\Program Files\Common Files\VCClient\VCMain.exe
    C:\Program Files\bama\tlii.exe
    C:\WINDOWS\RGFu\command.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\WINDOWS\ABox.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [GhostSurfDelSatellite] C:\Program Files\GhostSurf 2005\DeleteSatellite.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
    O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
    O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSN Service Drivers] svchost.exe
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt ndrv
    O4 - HKCU\..\RunServices: [MSN Service Drivers] svchost.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba2218.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFu\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
     
  2. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    theese lines all need fixing,

    C:\Program Files\bama\tlii.exe (trojan)

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    (rbot worm, i think it has deleted your task manager but dont worry its well easy to get back)

    C:\windows\winsysban3.exe
    (dont know what this is..you may want to look into this acauly befoe you fix it)

    C:\Program Files\Network Monitor\netmon.exe
    (MIMAIL.M WORM)

    C:\WINDOWS\ABox.exe
    (adware uses trojan techniqeus to install)

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - (no file)

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
    O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe

    (i dont know what this winsy3 is and i think its unsafe)

    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

    O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe

    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - HKCU\..\Run: [Sen] "C:\Program Files\bama\tlii.exe" -vt ndrv

    O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe

    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe

    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba2218.exe


    remove all theese...also these will help run them.

    http://housecall.trendmicro.com/

    and

    http://www.ewido.net/en/download/

    after doing what ive told you send a fresh HJT log.
     
    Last edited: Jan 25, 2006
  3. PiedPiper

    PiedPiper Member

    Joined:
    Jan 25, 2006
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    Hi dude
    sry its taken me so long to reply, bin workin loads recently.
    Erm done evrything you said nd run a couple of the online virus scanners. comp seems a bit better but i still get this freeprod toolbar tryin to install itself.
    Heres a new HJT log :

    Logfile of HijackThis v1.99.1
    Scan saved at 20:17:06, on 29/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\logon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
    C:\WINDOWS\svchost.exe
    C:\Program Files\Common Files\Windows\services32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spool.exe
    C:\usbdrivr098.exe
    C:\DOCUME~1\Dan\LOCALS~1\Temp\TMP55.tmp\iol2.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [GhostSurfDelSatellite] C:\Program Files\GhostSurf 2005\DeleteSatellite.exe
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKLM\..\Run: [MSN Service Drivers] svchost.exe
    O4 - HKLM\..\Run: [Microsoft System Support] spool.exe
    O4 - HKLM\..\RunServices: [MSN Service Drivers] svchost.exe
    O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSN Service Drivers] svchost.exe
    O4 - HKCU\..\Run: [Microsoft System Support] spool.exe
    O4 - HKCU\..\RunServices: [MSN Service Drivers] svchost.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\KGDIR.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFu\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    Cheers again

    Dan
     
  4. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    I dont know about this and crap like this comonly has spyware fix it,

    O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe



    fix thoose then Disable system restore, control panel>performance and maintnace>see basic info on your comp>system restore> check the box that says turn off system restore, we have to do this because when a virus,worm,or a Trojan infects you System Restore can back up the virus,worm,or Trojan on the computer, then you can reboot and enable it aggain and create a new restore point if you want.

    and then boot into safe mode with networking (tap f8 as the computer boots and choose safe mode with networking)and run thoose scans.

    http://housecall.trendmicro.com/

    and

    http://www.ewido.net/en/download/

    after theese restart the comp and go into normal mode and run HJT once aggain, this shouldve cleaned everything out.

    good luck.
     
  5. PiedPiper

    PiedPiper Member

    Joined:
    Jan 25, 2006
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    11
    Cheers mate will try this now. I have also downloaded AVG anti virus and ewido anti spyware programs so will run these in safemode as well.
    Thanks
    Dan
     
  6. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66

Share This Page