Topic:New Malware.j Remainpoint:0
   
PostTime:12/16/2008 7:51:45 PM FloorTop
Help, my McAfee AV ran and found this New Malware.j virus/trojan but cannot remove/clean or quarantine it. Here's my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:08:44 AM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\AIM\aim.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\uTorrent\utorrent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Wei admin\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Internet Explorer - {175F900C-97CD-864C-B3A1-4735810F4101} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] "D:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [AIM] "D:\PROGRA~1\AIM\aim.exe" -cnetwait.odl
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Servio de protocolo Microsoft SSVP (svchostx) - Unknown owner - D:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
     
   
Gender PostTime:12/16/2008 10:30:50 PM Point:0 | Floor# 1
Here's the SAS Pro log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/13/2007 at 01:46 PM

Application Version : 3.7.1018

Core Rules Database Version : 3237
Trace Rules Database Version: 1248

Scan type : Complete Scan
Total Scan Time : 01:33:56

Memory items scanned : 419
Memory threats detected : 1
Registry items scanned : 5613
Registry threats detected : 2
File items scanned : 72148
File threats detected : 53

Trojan.WindowsUpdate
D:\WINDOWS\SYSTEM\SVCHOST.EXE
D:\WINDOWS\SYSTEM\SVCHOST.EXE

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364D99-1240-4dff-B12A-67E448373148}

Adware.Tracking Cookie
D:\Documents and Settings\Wei admin\Cookies\wei admin@2o7[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@adbrite[2].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@html[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@advertising[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@ehg-cbsradio.hitbox[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@financialcontent.advertserve[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@fastclick[2].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@112.2o7[2].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@ads.adbrite[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@atwola[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@edge.ru4[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@revsci[2].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@mediaplex[1].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@atdmt[2].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@hitbox[2].txt
D:\Documents and Settings\Wei admin\Cookies\wei admin@doubleclick[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@2o7[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@4.adbrite[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@ad.yieldmanager[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@adbrite[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@adopt.specificclick[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@ads.addynamix[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@ads.pointroll[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@advertising[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@atdmt[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@casalemedia[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@citi.bridgetrack[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@doubleclick[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wbloahazmgp.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wfk4uhcpceo.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wfliqldpccp.stats.esomniture[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wjk4ehd5wcq.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wjkyohazeho.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wjkysjd5wbq.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wjl4kmdzkeo.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wjmisidjcgo.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@e-2dj6wjnyemcjgap.stats.esomniture[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@edge.ru4[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@ehg-dig.hitbox[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@hitbox[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@mediaplex[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@msnportal.112.2o7[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@nextag[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@questionmarket[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@realmedia[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@revenue[1].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@revsci[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@serving-sys[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@specificclick[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@tacoda[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@tribalfusion[2].txt
C:\Documents and Settings\xpChn\Cookies\xpchn@zedo[1].txt

Adware.AdSponsor
HKCR\AppId\{73364D99-1240-4dff-B12A-67E448373148}


and the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 2:04:48 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\mcshield.exe
D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\PeerGuardian2\pg2.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Wei admin\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Internet Explorer - {175F900C-97CD-864C-B3A1-4735810F4101} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] "D:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Servio de protocolo Microsoft SSVP (svchostx) - Unknown owner - D:\WINDOWS\system\svchost.exe (file missing)
 
     
   
Gender PostTime:12/16/2008 10:38:04 PM Point:0 | Floor# 2
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O2 - BHO: Microsoft Internet Explorer - {175F900C-97CD-864C-B3A1-4735810F4101} - (no file)

O23 - Service: Servio de protocolo Microsoft SSVP (svchostx) - Unknown owner - D:\WINDOWS\system\svchost.exe (file missing)


Reboot, post a new log.

How are things now?
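
The two kinds of entry picked out above (a system binary name in the wrong directory, and entries HijackThis marks "(no file)" or "(file missing)") can be checked mechanically. This is an added example, not part of the original thread; the function names, the finding labels and the expected-directory table (default Windows XP layout) are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\WINDOWS\system\svchost.exe
D:\WINDOWS\Explorer.EXE

O2 - BHO: Microsoft Internet Explorer - {175F900C-97CD-864C-B3A1-4735810F4101} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Servio de protocolo Microsoft SSVP (svchostx) - Unknown owner - D:\WINDOWS\system\svchost.exe (file missing)
"""

# Assumed default locations (relative to the drive root, lower-cased) of the
# Windows binaries whose names are most often borrowed by malware.
EXPECTED_DIR = {
    "svchost.exe": r"\windows\system32", "lsass.exe": r"\windows\system32",
    "services.exe": r"\windows\system32", "winlogon.exe": r"\windows\system32",
    "smss.exe": r"\windows\system32", "spoolsv.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll)", re.I)
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")          # R0, F2, O2, O23, ...
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def misplaced(path):
    """True if the file name is a known system binary but the folder is wrong."""
    p = PureWindowsPath(path.lower())
    want = EXPECTED_DIR.get(p.name)
    return want is not None and str(p.parent)[len(p.drive):] != want

def analyze(log_text):
    """Return (section, label, line) findings for one HijackThis log."""
    running, findings, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            paths = PATH_RE.findall(m.group(2))
            if any(misplaced(p) for p in paths):
                findings.append((m.group(1), "misplaced-system-binary", line))
            if MISSING_RE.search(line):
                # The marker alone is not reliable: the McAfee entry is
                # reported missing although its process is in the list.
                live = any(p.lower() in running for p in paths)
                label = "missing-but-running" if live else "orphaned-entry"
                findings.append((m.group(1), label, line))
        elif in_procs and line:
            running.add(line.lower())
            if misplaced(line):
                findings.append(("process", "misplaced-system-binary", line))
    return findings

if __name__ == "__main__":
    for section, label, line in analyze(SAMPLE_LOG):
        print(f"[{section}] {label}: {line}")
```
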
 
     
   
Gender PostTime:12/16/2008 11:21:31 PM Point:0 | Floor# 3
Looks good

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
 
     
   
Gender PostTime:12/17/2008 12:30:23 AM Point:0 | Floor# 4
Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/supe....html?rid=3132


Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others unchecked.
  o Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  o After reboot, double-click the SUPERAntispyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (such as Notepad/Wordpad).
  o Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me with a new Hijack This log.
 
     
   
Gender PostTime:12/17/2008 12:41:51 AM Point:0 | Floor# 5
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find:

Servio de protocolo Microsoft SSVP

Right click and choose "Properties".
On the "General" tab under "Service Status" click the "Stop" button to stop the service.
Beside "Startup Type" in the dropdown menu select "Disabled".
Click Apply then OK.
Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service.
If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

In Hijack This, click on the "Open Misc Tools section" button.
Next click the "Delete an NT service" button.
Copy and paste the following in that box:

svchostx

Click OK.

Reboot, post new log.
 
     