Sorry if I've done this wrong, I'm a newbie. New to pc's as well. I also am having annoying sysprotect and winantivirus pop ups. I did some scans that you suggested in other posts, but I'm unsure of what to remove. I also updated my java. Here is my results. Logfile of HijackThis v1.99.1 Scan saved at 10:58:38 PM, on 25/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Steve B\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/* http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, (Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32 \Userinit.exe O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F- 0090271D4F88} - C:\Program Files\Yahoo! 
\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1 \Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - Startup: PowerReg Scheduler.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0- 4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32 \msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E- 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910- F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://locator.cdn.imageservr.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c ab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405 10.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software- dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86 /client/muweb_site.cab?1126242338225 O16 
- DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab 31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownlo ader.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab2751 3.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautoc omplete.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/csswe b.cab O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.c ab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31 267.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32 \drivers\KodakCCS.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Then I ran Vundo, and did a fix, here are my results VundoFix V6.1.2 Checking Java version... Java version is 1.4.2.5 Java version is 1.5.0.6 Scan started at 9:56:31 PM 25/08/2006 Listing files found while scanning.... C:\WINDOWS\system32\wvwtt.dll C:\WINDOWS\system32\ttwvw.ini C:\WINDOWS\system32\ttwvw.bak1 C:\WINDOWS\system32\ttwvw.bak2 C:\WINDOWS\system32\xxyawxy.dll C:\WINDOWS\system32\avwjwuyr.exe C:\WINDOWS\system32\hdfytnlf.exe C:\WINDOWS\system32\ilxkkwrt.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\wvwtt.dll C:\WINDOWS\system32\wvwtt.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ttwvw.ini C:\WINDOWS\system32\ttwvw.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ttwvw.bak1 C:\WINDOWS\system32\ttwvw.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\ttwvw.bak2 C:\WINDOWS\system32\ttwvw.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyawxy.dll C:\WINDOWS\system32\xxyawxy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\avwjwuyr.exe C:\WINDOWS\system32\avwjwuyr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hdfytnlf.exe C:\WINDOWS\system32\hdfytnlf.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ilxkkwrt.exe C:\WINDOWS\system32\ilxkkwrt.exe Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.2 Checking Java version... Java version is 1.4.2.5 Java version is 1.5.0.6 Scan started at 11:04:34 PM 25/08/2006 Listing files found while scanning.... 
C:\WINDOWS\system32\wvwtt.dll
C:\WINDOWS\system32\ttwvw.ini
C:\WINDOWS\system32\ttwvw.bak1

I'm still getting the pop ups, please help. Thank you, Katd
Go here http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Save the file to your desktop.
Close all windows.
Run VirtumundoBeGone.exe.
Read the introductory information, and then click Continue.
Click Start. When asked if you want to continue, click Yes to run the fix.
Click "Save Log".

Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH, so don't be concerned when this happens. It requires you to manually reboot to restore your normal Windows desktop.

The log created will be called VBG.TXT and will be located on your desktop.
Empty your Recycle Bin.
Reboot and post a new HijackThis log file along with the VBG.TXT into this thread.
Here is my updated hijack this scan Logfile of HijackThis v1.99.1 Scan saved at 12:26:06 PM, on 26/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Documents and Settings\Steve B\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/* http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, (Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32 \Userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB- 9B51-7695ECA05670} - C:\Program Files\Yahoo! \Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D -784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 \Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644- 206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB- D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F- 0090271D4F88} - C:\Program Files\Yahoo! 
\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1 \Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0- 4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32 \msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E- 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910- F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://locator.cdn.imageservr.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c ab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405 10.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software- dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86 /client/muweb_site.cab?1126242338225 O16 - DPF: 
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab 31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownlo ader.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab2751 3.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautoc omplete.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/csswe b.cab O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.c ab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31 267.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32 \WgaLogon.dll O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32 \drivers\KodakCCS.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe And the VBG scan [08/26/2006, 3:39:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Steve B\Desktop\VirtumundoBeGone.exe" ) [08/26/2006, 3:40:00] - Detected System Information: [08/26/2006, 3:40:00] - Windows Version: 5.1.2600, Service Pack 2 [08/26/2006, 3:40:00] - Current Username: Steve B (Admin) [08/26/2006, 3:40:00] - Windows is in NORMAL mode. [08/26/2006, 3:40:00] - Searching for Browser Helper Objects: [08/26/2006, 3:40:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper) [08/26/2006, 3:40:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [08/26/2006, 3:40:00] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} () [08/26/2006, 3:40:00] - WARNING: BHO has no default name. Checking for Winlogon reference. [08/26/2006, 3:40:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper [08/26/2006, 3:40:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [08/26/2006, 3:40:00] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [08/26/2006, 3:40:00] - BHO 5: {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} () [08/26/2006, 3:40:00] - WARNING: BHO has no default name. Checking for Winlogon reference. [08/26/2006, 3:40:00] - Checking for HKLM\...\Winlogon\Notify\wvwtt [08/26/2006, 3:40:00] - Found: HKLM\...\Winlogon\Notify\wvwtt - This is probably Virtumundo. 
[08/26/2006, 3:40:00] - Assigning {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} MSEvents Object
[08/26/2006, 3:40:00] - BHO list has been changed! Starting over...
[08/26/2006, 3:40:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/26/2006, 3:40:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:40:00] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:40:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:40:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:40:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:40:00] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:40:00] - BHO 5: {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} (MSEvents Object)
[08/26/2006, 3:40:00] - ALERT: Found MSEvents Object!
[08/26/2006, 3:40:00] - Finished Searching Browser Helper Objects
[08/26/2006, 3:40:00] - *** Detected MSEvents Object
[08/26/2006, 3:40:00] - Trying to remove MSEvents Object...
[08/26/2006, 3:40:01] - Terminating Process: IEXPLORE.EXE
[08/26/2006, 3:40:03] - Terminating Process: RUNDLL32.EXE
[08/26/2006, 3:40:03] - Disabling Automatic Shell Restart
[08/26/2006, 3:40:03] - Terminating Process: EXPLORER.EXE
[08/26/2006, 3:40:06] - Suspending the NT Session Manager System Service
[08/26/2006, 3:40:06] - Terminating Windows NT Logon/Logoff Manager
[08/26/2006, 3:40:07] - Re-enabling Automatic Shell Restart
[08/26/2006, 3:40:07] - File to disable: C:\WINDOWS\system32\wvwtt.dll
[08/26/2006, 3:40:07] - Renaming C:\WINDOWS\system32\wvwtt.dll -> C:\WINDOWS\system32\wvwtt.dll.vir
[08/26/2006, 3:40:07] - ! File rename was unsucessful.
[08/26/2006, 3:40:07] - Attempting to Deny Access to C:\WINDOWS\system32\wvwtt.dll
[08/26/2006, 3:40:08] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[08/26/2006, 3:40:08] - processed file: C:\WINDOWS\system32\wvwtt.dll
[08/26/2006, 3:40:08] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[08/26/2006, 3:40:08] - Removing HKLM\...\Browser Helper Objects\{F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0}
[08/26/2006, 3:40:08] - Removing HKCR\CLSID\{F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0}
[08/26/2006, 3:40:08] - Adding Kill Bit for ActiveX for GUID: {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0}
[08/26/2006, 3:40:08] - Deleting ATLEvents/MSEvents Registry entries
[08/26/2006, 3:40:08] - Removing HKLM\...\Winlogon\Notify\wvwtt
[08/26/2006, 3:40:08] - Searching for Browser Helper Objects:
[08/26/2006, 3:40:08] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/26/2006, 3:40:08] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:40:08] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:40:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:40:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:40:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:40:08] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:40:08] - Finished Searching Browser Helper Objects
[08/26/2006, 3:40:08] - Finishing up...
[08/26/2006, 3:40:08] - A restart is needed.
[08/26/2006, 3:40:17] - Attempting to Restart via STOP error (Blue Screen!)

[08/26/2006, 3:43:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Steve B\Desktop\VirtumundoBeGone.exe" )
[08/26/2006, 3:43:44] - Detected System Information:
[08/26/2006, 3:43:44] - Windows Version: 5.1.2600, Service Pack 2
[08/26/2006, 3:43:44] - Current Username: Steve B (Admin)
[08/26/2006, 3:43:44] - Windows is in NORMAL mode.
[08/26/2006, 3:43:44] - Searching for Browser Helper Objects:
[08/26/2006, 3:43:44] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo!
Toolbar Helper)
[08/26/2006, 3:43:44] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:43:44] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:43:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:43:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:43:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:43:44] - Finished Searching Browser Helper Objects
[08/26/2006, 3:43:44] - Finishing up...
[08/26/2006, 3:43:44] - Nothing found! Exiting...

Thank you for all your help. Kat
Great! Now, you'll need KillBox. Download it here http://www.downloads.subratam.org/KillBox.zip

Note: you may want to print these instructions as you will be in safe mode.

Restart your computer in safe mode.
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. You will be prompted to confirm; click Yes.

C:\WINDOWS\system32\wvwtt.dll

There are some to fix with HijackThis, but your log is too hard to read. Do this:
Run a scan only with HijackThis.
Click Save Log. Save to your desktop.
Open the .txt with any word program.
Set all margins to left.
Then, post back with that HijackThis log.
Okay, here is the new hijack this log Logfile of HijackThis v1.99.1 Scan saved at 11:55:40 PM, on 26/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Documents and Settings\Steve B\Desktop\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://locator.cdn.imageservr.com O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126242338225 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab27513.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) - O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - 
Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Now I am having other problems. I can't defrag, keep getting this error message:

Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.
--------------------------------------------------------------------------------
Please try the following:
Click the Refresh button, or try again later.
If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.
For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.

and when I tried to fix it I got this message:

RefSvr32 Load Library dfrgui.dll failed. The specified module could not be found.

I also can't even get into help and support. If I should ask these last questions on another thread, please let me know. Again, thank you for all your help. Kat
In normal mode, run a "Scan Only" with HijackThis, and check these to fix them.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing)

Then get this http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip to your desktop.
Open the SmitfraudFix folder and open smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing Enter. (This may take a while.)
Do not attempt to run any other option unless advised!
When it finishes, it will create a log named rapport.txt in the C: drive.
Post that log with the Ewido log and a new HijackThis log.

Viruses could be the culprits to your problems; let's get rid of them first and then I'll try to help with other problems.

Edited for spelling and confusion.
Here's the Killbox log:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steve B(Administrator)
was started @ Saturday, August 26, 2006, 11:48 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\wvwtt.dll
*File Was Deleted

Killbox Closed(Exit) @ 11:49:57 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steve B(Administrator)
was started @ Sunday, August 27, 2006, 12:28 AM

Killbox Closed(Exit) @ 12:29:07 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steve B(Administrator)
was started @ Sunday, August 27, 2006, 12:35 AM

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:14 AM, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve B\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126242338225
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

The SmitfraudFix log:

SmitFraudFix v2.81

Scan done at 0:33:45.55, 27/08/2006
Run from C:\Documents and Settings\Steve B\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Steve B\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://images-partners.google.com/images?q=tbn:_lhVDuGfiJwJ:http%3A//www.woodardcreations.net/uploads/stationary.jpg"
"SubscribedURL"="http://images-partners.google.com/images?q=tbn:_lhVDuGfiJwJ:http%3A//www.woodardcreations.net/uploads/stationary.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://smileys.smileycentral.com/cat/23/23_5_105.gif"
"SubscribedURL"="http://smileys.smileycentral.com/cat/23/23_5_105.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Kat
That's great! Now, you should clean some "crap". Go here: http://www.ccleaner.com
Download CCleaner, install it, and run both the "Cleaner" and "Issues" fix.
Then, please explain any problems you are having. I'll help where I can.
Thanks for all your help with the viruses. Now my other problems are: my Windows XP disk defragmenter doesn't work. I get this error message:

Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.
--------------------------------------------------------------------------------
Please try the following:
Click the Refresh button, or try again later.
If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.
For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.

I have tried to reinstall these:

regsvr32 dfrgsnap.dll
regsvr32 dfrgui.dll

The first one installed. When I punched in the second one I got this error message: RegSvr32 Load Library dfrgui.dll failed. The specified module could not be found

I don't know how else to fix it; any help you can provide would be great. I also can't get into my Windows XP Help and Support. I click the button and nothing happens. Those are the only two probs left at the moment.

Kat
Hello again, well I have fixed the Help and Support problem, it is now working. I'm still having trouble getting my Windows XP defrag to work. Is there a program to restore files? I think I'm missing some important ones to run the defrag. Let me know if you have any suggestions. I'm still working on it, so maybe one of us can figure it out.

Thank you, Kat
Just wanted to let you know that I fixed both problems, took some time and searching, but I did it. Thanks again, Katd
For the Help and Support, I found a link to repair it after running a reg cleaner. That was my fault. I clicked the link, ran it and it was fixed.

For the defrag, I spent hours online and I found someone with the same problem. I followed what they had done and it worked. First, I went into Drive C, windows Service Pack file, then clicked on folder i386, moved dfrgntfs file into Drive C, windows, system 32 folder. Then opened command prompt and typed in

cd\windows\system32

then,

regsvr32 dfrgsnap.dll

then,

regsvr32 dfrgui.dll

and it worked. I'm just glad to have it all fixed, it was driving me nuts, lol.

Katd