Computer Juice > Computer Software > Virus, Spyware & Security
Hijackthis log

  #31  
Old 29th Dec 2007, 14:53
Full Member
Posts: 51
 
This is in IE, hope it works.


ComboFix 07-12-28.1 - Sys 2007-12-29 20:12:23.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.189 [GMT 0:00]
Running from: C:\Documents and Settings\Sys\Desktop\Emma's PC Drivers\Virus Removal\ComboFix.exe
.


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.


2007-12-29 18:30 . 2007-12-29 18:30 <DIR> d-------- C:\Documents and Settings\Sys\Application Data\Grisoft
2007-12-29 18:29 . 2007-12-29 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-29 18:29 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-29 14:40 . 2007-12-29 16:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-29 11:24 . 2007-12-29 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 11:23 . 2007-12-29 14:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 11:23 . 2007-12-29 11:23 <DIR> d-------- C:\Documents and Settings\Sys\Application Data\SUPERAntiSpyware.com
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 11:15 . 2007-12-29 11:15 <DIR> d-------- C:\Program Files\CCleaner
2007-12-28 20:47 . 2007-12-28 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 00:05 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\STOPzilla!
2007-12-21 00:05 . 2007-12-21 00:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-21 00:05 . 2007-12-29 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-20 23:14 . 2007-12-20 23:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 23:13 . 2007-12-28 22:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-20 23:13 . 2007-12-28 22:03 24,576 --a------ C:\WINDOWS\system32\FirstReboot .exe
2007-12-20 22:58 . 2007-12-29 16:18 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 22:58 . 2007-12-20 22:58 134 --a------ C:\n.bat


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-12-29 15:33 --------- d-----w C:\Program Files\QuickTime
2007-12-29 14:30 --------- d-----w C:\Documents and Settings\Sys\Application Data\OpenOffice.org2
2007-12-28 23:05 --------- d-----w C:\Program Files\SymNetDrv
2007-12-28 23:05 --------- d-----w C:\Program Files\Kontiki
2007-12-28 23:05 --------- d-----w C:\Program Files\iTunes
2007-12-28 23:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 10:44 10 ----a-w C:\Program Files\.autoreg
2007-12-22 21:27 --------- d-----w C:\Program Files\LimeWire
2007-12-22 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:51 --------- d-----w C:\Program Files\Symantec
2007-12-22 12:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-19 21:38 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-14 20:25 --------- d-----w C:\Documents and Settings\Sys\Application Data\Media Player Classic
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 23:03 --------- d-----w C:\Program Files\Channel4
2007-11-02 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 18:23 --------- d-----w C:\Program Files\Java
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-05 10:11 225,280 ----a-r C:\WINDOWS\system32\SZBase5.dll
2007-10-04 22:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-04 21:40 442,368 ----a-w C:\WINDOWS\system32\vp6vfw.dll
.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"SoundFusion"="RunDll32 hercplgs.cpl" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]


C:\Documents and Settings\Sys\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install


R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-01-30 14:05]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2002-01-21 13:20]
R3 hercspud;Hercules (R) WDM Audio Driver;C:\WINDOWS\system32\drivers\hercspud.sys [2003-01-10 08:21]
R3 hercwdm;Hercules (R) WDM Interface Driver;C:\WINDOWS\system32\drivers\hercwdm.sys [2003-01-10 08:21]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 05:03]
R3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 00:00]
S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys []


*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
Contents of the 'Scheduled Tasks' folder
"2006-12-18 23:30:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sys.job"
- C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-28 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2007-12-29 18:36:26 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 20:16:33
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
Completion time: 2007-12-29 20:17:54
.
2007-12-12 23:21:02 --- E O F ---

  #32  
Old 29th Dec 2007, 15:00
Moderator
Posts: 7,545
 
Looks like we will need to use IE until this is figured out. I am going to try to reboot. Back with more instructions in a minute.
__________________

  #33  
Old 29th Dec 2007, 16:14
Moderator
Posts: 7,545
 
Delete these files/folders, as follows:

* Open notepad and copy/paste the text below into it

==========

File::
C:\WINDOWS\system32\daSgo18

Folder::
C:\n.bat

===========

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

Rename HijackThis

  • Go to C:\Program Files\Trend Micro\HijackThis.exe
  • Right click on HijackThis.exe and select Rename.
  • Type in sniper.exe and press Enter.
  • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
Then run a new HijackThis scan and post that log also.
__________________
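Added example (editor's code, not part of the thread or of ComboFix): a small helper that parses ComboFix "Files Created" lines like the ones posted above and emits a CFScript whose File::/Folder:: directives follow the entry type ComboFix itself reported, so a `<DIR>` entry lands under Folder:: and a plain file under File::. The sample lines are copied from the log in this thread; the line regex and the CFScript layout are the editor's reading of the format shown here.

```python
import re
from typing import Dict, List, Optional

# One "Files Created" line, as seen in the posted log:
#   <created> . <modified> <size or <DIR>> <9-char attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Constructed sample: four lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2007-12-29 11:15 . 2007-12-29 11:15 <DIR> d-------- C:\Program Files\CCleaner
2007-12-20 23:14 . 2007-12-20 23:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 22:58 . 2007-12-29 16:18 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 22:58 . 2007-12-20 22:58 134 --a------ C:\n.bat
"""


def parse_entries(text: str) -> List[Dict[str, Optional[object]]]:
    """Parse every line that matches the Files Created format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        is_dir = m.group("size") == "<DIR>"
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "is_dir": is_dir,
            # Size is only meaningful for files; ComboFix prints it with commas.
            "size": None if is_dir else int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def build_cfscript(entries: List[Dict[str, Optional[object]]],
                   targets: List[str]) -> str:
    """Emit File::/Folder:: sections for the chosen paths.

    The directive is taken from the parsed log entry, not guessed from the
    name, and a target that is not in the log is rejected rather than
    silently written out. Path comparison is case-insensitive (Windows).
    """
    by_path = {e["path"].lower(): e for e in entries}
    files: List[str] = []
    folders: List[str] = []
    for target in targets:
        entry = by_path.get(target.lower())
        if entry is None:
            raise KeyError(f"{target} does not appear in the parsed ComboFix section")
        (folders if entry["is_dir"] else files).append(entry["path"])

    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files) + "\n")
    if folders:
        sections.append("Folder::\n" + "\n".join(folders) + "\n")
    return "\n".join(sections)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(build_cfscript(parsed, [r"C:\WINDOWS\system32\daSgo18", r"C:\n.bat"]))
```

Paste the printed text into Notepad and save it as CFScript exactly as the instructions above describe; the helper only prepares the script, it does not run ComboFix.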

  #34  
Old 30th Dec 2007, 10:38
Full Member
Posts: 51
 
new combofix log:

ComboFix 07-12-28.1 - Sys 2007-12-30 13:11:47.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.84 [GMT 0:00]
Running from: C:\Documents and Settings\Sys\Desktop\Emma's PC Drivers\Virus Removal\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sys\Desktop\Emma's PC Drivers\Virus Removal\CFScript.txt
FILE
C:\WINDOWS\system32\daSgo18
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\n.bat\
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-29 18:30 . 2007-12-29 18:30 <DIR> d-------- C:\Documents and Settings\Sys\Application Data\Grisoft
2007-12-29 18:29 . 2007-12-29 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-29 18:29 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-29 14:40 . 2007-12-29 16:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-29 11:24 . 2007-12-29 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 11:23 . 2007-12-29 14:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 11:23 . 2007-12-29 11:23 <DIR> d-------- C:\Documents and Settings\Sys\Application Data\SUPERAntiSpyware.com
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-29 11:15 . 2007-12-29 11:15 <DIR> d-------- C:\Program Files\CCleaner
2007-12-28 20:47 . 2007-12-28 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 00:05 . 2007-12-21 21:36 <DIR> d-------- C:\Program Files\STOPzilla!
2007-12-21 00:05 . 2007-12-21 00:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-21 00:05 . 2007-12-30 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-20 23:14 . 2007-12-20 23:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 23:13 . 2007-12-28 22:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-20 23:13 . 2007-12-28 22:03 24,576 --a------ C:\WINDOWS\system32\FirstReboot .exe
2007-12-20 22:58 . 2007-12-29 16:18 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-12-20 22:58 . 2007-12-20 22:58 134 --a------ C:\n.bat
2007-11-19 21:43 . 2007-12-30 11:26 <DIR> d-------- C:\Documents and Settings\Sys\Application Data\OpenOffice.org2
2007-11-19 21:36 . 2007-11-19 21:38 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-14 20:25 . 2007-11-14 20:25 <DIR> d-------- C:\Documents and Settings\Sys\Application Data\Media Player Classic
2007-11-02 23:03 . 2007-12-28 23:05 <DIR> d-------- C:\Program Files\Kontiki
2007-11-02 23:03 . 2007-11-02 23:03 <DIR> d-------- C:\Program Files\Channel4
2007-11-02 23:02 . 2007-11-02 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2007-12-29 15:33 --------- d-----w C:\Program Files\QuickTime
2007-12-28 23:05 --------- d-----w C:\Program Files\SymNetDrv
2007-12-28 23:05 --------- d-----w C:\Program Files\iTunes
2007-12-28 23:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 10:44 10 ----a-w C:\Program Files\.autoreg
2007-12-22 21:27 --------- d-----w C:\Program Files\LimeWire
2007-12-22 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 15:51 --------- d-----w C:\Program Files\Symantec
2007-12-22 12:43 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 18:23 --------- d-----w C:\Program Files\Java
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-05 10:11 225,280 ----a-r C:\WINDOWS\system32\SZBase5.dll
2007-10-04 22:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-04 21:40 442,368 ----a-w C:\WINDOWS\system32\vp6vfw.dll
2007-09-13 16:36 311,296 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2007-09-13 16:36 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2007-09-13 16:35 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2007-09-13 16:35 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2007-09-13 16:35 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2007-09-13 16:34 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2007-09-13 16:34 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2007-09-13 16:34 700,416 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2007-09-13 16:34 200,704 ----a-r C:\WINDOWS\system32\IS3Win325.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-29_20.16.48.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-30 11:24:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"SoundFusion"="RunDll32 hercplgs.cpl" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
C:\Documents and Settings\Sys\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-01-30 14:05]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2002-01-21 13:20]
R3 hercspud;Hercules (R) WDM Audio Driver;C:\WINDOWS\system32\drivers\hercspud.sys [2003-01-10 08:21]
R3 hercwdm;Hercules (R) WDM Interface Driver;C:\WINDOWS\system32\drivers\hercwdm.sys [2003-01-10 08:21]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 05:03]
R3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 00:00]
S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys []
*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2006-12-18 23:30:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Sys.job"
- C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-28 20:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-12-30 11:25:37 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 13:19:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 13:20:55
C:\ComboFix2.txt ... 2007-12-29 20:17
.
2007-12-12 23:21:02 --- E O F ---

new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:47, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dippydory85.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1147035800334
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147035790920
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AC686DA-E6A6-4D5E-9657-C20BC898CBDB}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A4AA2AF-2269-4390-97B5-3056EEF12CAB}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A40E8826-791F-4388-B920-D58CC8BB5E1F}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9733CA2-ACD7-4D9B-9C50-E51B9040150C}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC4DEB6-3386-4E37-9E74-0D33488F9E42}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E2C8B0-EBF3-40AD-9CFD-0F7617A8EB83}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D0D809-68AA-4D0D-B982-64F2CF44D2F9}: NameServer = 192.168.16.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
--
End of file - 10106 bytes




Is there any reason why my IE is running much slower than Firefox? Is it because it's infected?
  #35  
Old 30th Dec 2007, 11:14
Moderator
Posts: 7,545
 
Quote:
Is there any reason why my IE is running much slower than Firefox? Is it because it's infected?
Not sure why. It could be due to the toolbars: Norton, Google and STOPzilla.


Go to Add/Remove Programs and look for Windows Messenger and uninstall it if there. <-- Not to be confused with MSN Messenger.


Open HijackThis and select Do a system scan only. Place a check mark next to ALL of the O17 entries. Close all windows and click Fix checked. Then reboot the computer.


Now download The Avenger by Swandog46, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the Input script manually box.
* Click on the Magnifying Glass Icon which will open a new window titled View/edit script
* Copy the bold text below, and paste it in the box that opens:

Files to delete:
C:\WINDOWS\system32\daSgo18
Folders to delete:
C:\n.bat


Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system

* Now click the 'Done' button.
* Click on the Green Light and OK the prompt.
* You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt

The Avenger will automatically do the following:

* It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Please attach the C:\avenger.txt in your next post.


Also let me know how the computer is running now.
__________________
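A check worth running before ticking every O17 line: as an added example (not from this thread and not part of HijackThis), a Python snippet that pulls the NameServer addresses out of O17 lines and sorts them into RFC 1918 (LAN) versus public. The sample text embeds two O17 lines as they appear in the log above plus one constructed line (placeholder GUID, documentation-range address 198.51.100.x) standing in for a DNS-changer infection. A resolver inside 192.168.0.0/16, as on this machine, is normally the router that DHCP handed out; removing it leaves the adapter with no DNS server until it is re-entered or DHCP refreshes. A public address you do not recognise is the entry that actually needs fixing.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample input: the first two lines are O17 entries as they appear in the
# HijackThis log in this thread; the third is a made-up entry (placeholder GUID,
# documentation-range address 198.51.100.x) standing in for a DNS-changer infection;
# the last is a non-O17 line to show the filter ignores it.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2393F2B4-E1BF-47BE-9725-1A677A9FDF36}: NameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-1111-2222-3333-444444444444}: NameServer = 198.51.100.53,198.51.100.54
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# RFC 1918 ranges only. ipaddress's is_private is deliberately not used: it also
# returns True for documentation/test ranges, which would hide the constructed
# public entry above.
RFC1918 = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)

O17_RE = re.compile(
    r"^O17 - (?P<key>.*?\{(?P<guid>[0-9A-Fa-f-]{36})\}): NameServer = (?P<ns>.+?)\s*$"
)


def verdict_for(address: str) -> str:
    """'lan' for RFC 1918, 'public' for anything routable, 'invalid' if not an IP."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    return "public"


def classify_o17(log_text: str) -> List[Dict[str, str]]:
    """One row per (interface key, resolver address) found in O17 lines."""
    rows: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # Windows stores several resolvers comma- or space-separated in one value.
        for addr in re.split(r"[,\s]+", m.group("ns")):
            if addr:
                rows.append({
                    "key": m.group("key"),
                    "guid": "{" + m.group("guid") + "}",
                    "address": addr,
                    "verdict": verdict_for(addr),
                })
    return rows


def public_nameservers(rows: List[Dict[str, str]]) -> List[str]:
    """Addresses that deserve a second look before anything is 'fixed'."""
    return sorted({r["address"] for r in rows if r["verdict"] == "public"})


if __name__ == "__main__":
    found = classify_o17(SAMPLE_LOG)
    for r in found:
        print(f"{r['verdict']:7} {r['address']:16} {r['guid']}")
    print("review:", public_nameservers(found))
```

Compare the "lan" addresses against what ipconfig /all and the router's admin page report before fixing anything; if they match the router, the O17 lines are the normal DHCP configuration and fixing them only removes the resolver.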

  #36  
Old 30th Dec 2007, 11:45
Full Member
Posts: 51
 
OK, DISASTER! My internet has stopped working; I've had to borrow my flatmate's computer. I'm connected to the wireless network but I can't connect to any pages. What do I do? I can't keep using this computer!!! I've tried restarting my computer and I've switched the router on and off at the socket, but nothing has helped!
  #37  
Old 30th Dec 2007, 12:31
Full Member
Posts: 51
 
Panic over. I checked my internet properties and the DNS server bar was blank, so I managed to fix it. See, I'm learning! I'm definitely the type to lose my head in a crisis though!
  #38  
Old 30th Dec 2007, 12:43
Moderator
Posts: 7,545
 
Good job. It was removing the O17 entries that did it. Usually resetting the router will fix it, but you worked it out.
__________________

  #39  
Old 30th Dec 2007, 12:44
Full Member
Posts: 51
 
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Error: C:\WINDOWS\system32\daSgo18 is a folder, not a file!
Deletion of file C:\WINDOWS\system32\daSgo18 failed!

Could not process line:
C:\WINDOWS\system32\daSgo18
Status: 0xc00000ba



Error: C:\n.bat is not a folder! It may instead be a file.
Deletion of folder C:\n.bat failed!

Could not process line:
C:\n.bat
Status: 0xc0000103


Completed script processing.

*******************

Finished! Terminate.




The computer is running much better; there are no pop-ups anymore and no more error messages, yay! I'm guessing there's still more to be done though?
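The Avenger log above shows both entries failing for the same reason: each path sat under the wrong heading (daSgo18 is a folder, n.bat is a file), and Avenger refuses rather than guess. As an added example, not part of this thread or of The Avenger itself, a small Python helper that checks each path on disk before writing the script, so every entry lands under the heading Avenger expects, and paths that no longer exist are reported instead of failing the run. The directory tree it builds under a temp folder is constructed to mirror the two names in the thread; nothing is deleted.

```python
import os
import tempfile
from typing import Iterable, List, Tuple


def build_avenger_script(paths: Iterable[str]) -> Tuple[str, List[str]]:
    """Return (script text, paths that do not exist).

    Each path is checked on disk and placed under the heading The Avenger expects
    for its kind, so a folder never ends up under 'Files to delete:' and vice versa.
    """
    files: List[str] = []
    folders: List[str] = []
    missing: List[str] = []
    for p in paths:
        # A dangling symlink is still a file entry to remove, so test islink first.
        if os.path.islink(p) or os.path.isfile(p):
            files.append(p)
        elif os.path.isdir(p):
            folders.append(p)
        else:
            missing.append(p)
    sections = []
    if files:
        sections.append("Files to delete:\n" + "\n".join(files))
    if folders:
        sections.append("Folders to delete:\n" + "\n".join(folders))
    return ("\n\n".join(sections) + "\n") if sections else "", missing


def demo_tree() -> Tuple[str, List[str]]:
    """Constructed stand-in for the two paths in the thread: a folder called daSgo18
    and a file called n.bat, plus one path that does not exist at all."""
    root = tempfile.mkdtemp(prefix="avenger_demo_")
    folder = os.path.join(root, "daSgo18")
    os.mkdir(folder)
    bat = os.path.join(root, "n.bat")
    with open(bat, "w") as fh:
        fh.write("@echo off\r\n")  # placeholder content, not the real file
    return root, [folder, bat, os.path.join(root, "gone.tmp")]


if __name__ == "__main__":
    _, targets = demo_tree()
    script, not_found = build_avenger_script(targets)
    print(script)
    print("not found:", not_found)
```

The returned text is what would go into the View/edit script box; run the helper on the affected machine, since the file-or-folder decision has to be made against that file system.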
  #40  
Old 30th Dec 2007, 13:02
Moderator
Posts: 7,545
 
Almost there now. Just need to clean up the mess.


Go to Add/Remove Programs and uninstall all Java versions except for Java 6 Update 3.


Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* Select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

Then locate this folder and delete it: C:\WINDOWS\system32\daSgo18


Download and install CCleaner (Crap Cleaner).

Be sure to un-check the Install Yahoo! Toolbar button during installation to avoid the unnecessary installation of the Yahoo! Toolbar.

Before first use, check under Options > Advanced and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.
A pop-up box will appear advising that this process will permanently delete files from your system.


Go to Start > Run and copy and paste the following command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /u.
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Please download OTMoveIt by OldTimer (OTMoveIt.exe) and place it on your desktop.

1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. You will be prompted to allow the clean-up procedure; click Yes.
5. When finished, exit out of OTMoveIt.


Let me know how everything went.
__________________

Copyright ©2006 - 2010 Computer Juice.