Member Avatar for rollsrobb

hi, ive been having problems with my windows xp last couple of weeks, whenever i open a folder in windows explorer i get a message saying ''Windows Explorer has encountered a problem and needs to close.'' and then jus closes it.
i also occaisionally get identical errors while running firefox or IE.
i have ZoneAlarm pro firewall, Microsoft AntiSpyware, AdAware and Spybot Search and Destroy, which i run scans on regulary but i have some of what i believe is spyware in my laptop. I have been browsing other topics and found that you tell people to download HackThis and post the logs so you guys can help me out.
so heres my log, please try and help me out, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 04:35:32, on 22/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rhys\Desktop\New Folder\HijackThis.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31403
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\PR48SM~1.DLL
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {069D83E5-1BD8-429A-880D-EE038F315784} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {069D83E5-1BD8-429A-880D-EE038F315784} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {13F77752-53DD-435C-BB83-67A817EBDCA4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {13F77752-53DD-435C-BB83-67A817EBDCA4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {16BBB15C-D267-41E7-ABA2-C09F08C1EE2E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {16BBB15C-D267-41E7-ABA2-C09F08C1EE2E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1B9BF6E3-E9FD-49B3-A77A-8CBC824018C4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1B9BF6E3-E9FD-49B3-A77A-8CBC824018C4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2361A06F-56CE-4BD8-BF49-FF002FB56D0A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2361A06F-56CE-4BD8-BF49-FF002FB56D0A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3AEB5BC8-8EED-4C5D-9AB8-AF8800142BF4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3AEB5BC8-8EED-4C5D-9AB8-AF8800142BF4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {42CFF772-B6A5-4DC3-B449-9822B6D93870} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {42CFF772-B6A5-4DC3-B449-9822B6D93870} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {50740C38-6D56-44DA-AC04-16E3660AD2EF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {50740C38-6D56-44DA-AC04-16E3660AD2EF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5424BE36-4EA9-4364-B525-24EFFA38A651} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5424BE36-4EA9-4364-B525-24EFFA38A651} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5947BD8E-1AAF-4DDA-BA4E-E91F1A68B04D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5947BD8E-1AAF-4DDA-BA4E-E91F1A68B04D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {59E7B0B2-F6DC-4FC3-8B1C-BA5FB39505A0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {59E7B0B2-F6DC-4FC3-8B1C-BA5FB39505A0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6B008FF3-2C46-43C9-A7F6-FC08AB3F73A4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6B008FF3-2C46-43C9-A7F6-FC08AB3F73A4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E6D4BD5-A2F0-46BF-A557-1225078347D6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E6D4BD5-A2F0-46BF-A557-1225078347D6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {754F227C-CF6A-4498-8DF5-BEC811315B71} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {754F227C-CF6A-4498-8DF5-BEC811315B71} - (no file) (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A5BF1F47-472C-46D2-B66E-88A24E3BBCF4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5BF1F47-472C-46D2-B66E-88A24E3BBCF4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B1FAE686-C215-46EC-B0D4-23CA5E69A9BF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B1FAE686-C215-46EC-B0D4-23CA5E69A9BF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B7451BE7-E09F-43E3-939E-3ECEE9E9322B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7451BE7-E09F-43E3-939E-3ECEE9E9322B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B76E66A9-9EF4-40C2-9EF9-413CFB698C97} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B76E66A9-9EF4-40C2-9EF9-413CFB698C97} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8A0CDB4-9822-4274-9DB8-CA61E4E3EED2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8A0CDB4-9822-4274-9DB8-CA61E4E3EED2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C6C87681-2ADC-4A8E-B6FF-8F453A80DBC8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C6C87681-2ADC-4A8E-B6FF-8F453A80DBC8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C82BE453-AC50-442C-82B5-5ACCE5FAEDC7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C82BE453-AC50-442C-82B5-5ACCE5FAEDC7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D53792FF-1407-4EB5-B39B-BB17378CD6EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D53792FF-1407-4EB5-B39B-BB17378CD6EE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E92A2E95-ACE4-415D-AD39-77D718F983EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E92A2E95-ACE4-415D-AD39-77D718F983EC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F6A67655-4208-470D-90A1-6B0DC8444969} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F6A67655-4208-470D-90A1-6B0DC8444969} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8E28047-5385-436B-8A3C-E66E2E481806} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8E28047-5385-436B-8A3C-E66E2E481806} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1862.exe
O20 - AppInit_DLLs: v2jl37tnejwy4idll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q5622504_disk.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

  • 2 Contributors
  • 1 Reply
  • 118 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by DMR
Member Avatar for DMR

Please do the following:

1. Download the trial version of Ewido Security Suite from here:
http://www.ewido.net/en/download/

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet). If you have problems updating see here:
http://www.ewido.net/en/download/updates/

Note -- When you do run Ewido for the first time, you will get a warning Database could not be found!, click OK when you do; the message is non-critical.


2. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and run a full scan with ewido. Save the log it generates; you'll need to post it in your next response here.


While still in safe mode:

- Run HJT and have it fix any of the following entries which still exist (ewido may have cleaned some of these up already):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31403
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\PR48SM~1.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {069D83E5-1BD8-429A-880D-EE038F315784} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {069D83E5-1BD8-429A-880D-EE038F315784} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {13F77752-53DD-435C-BB83-67A817EBDCA4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {13F77752-53DD-435C-BB83-67A817EBDCA4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {16BBB15C-D267-41E7-ABA2-C09F08C1EE2E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {16BBB15C-D267-41E7-ABA2-C09F08C1EE2E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1B9BF6E3-E9FD-49B3-A77A-8CBC824018C4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1B9BF6E3-E9FD-49B3-A77A-8CBC824018C4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2361A06F-56CE-4BD8-BF49-FF002FB56D0A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2361A06F-56CE-4BD8-BF49-FF002FB56D0A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3AEB5BC8-8EED-4C5D-9AB8-AF8800142BF4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3AEB5BC8-8EED-4C5D-9AB8-AF8800142BF4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {42CFF772-B6A5-4DC3-B449-9822B6D93870} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {42CFF772-B6A5-4DC3-B449-9822B6D93870} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {50740C38-6D56-44DA-AC04-16E3660AD2EF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {50740C38-6D56-44DA-AC04-16E3660AD2EF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5424BE36-4EA9-4364-B525-24EFFA38A651} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5424BE36-4EA9-4364-B525-24EFFA38A651} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5947BD8E-1AAF-4DDA-BA4E-E91F1A68B04D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5947BD8E-1AAF-4DDA-BA4E-E91F1A68B04D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {59E7B0B2-F6DC-4FC3-8B1C-BA5FB39505A0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {59E7B0B2-F6DC-4FC3-8B1C-BA5FB39505A0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6B008FF3-2C46-43C9-A7F6-FC08AB3F73A4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6B008FF3-2C46-43C9-A7F6-FC08AB3F73A4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E6D4BD5-A2F0-46BF-A557-1225078347D6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E6D4BD5-A2F0-46BF-A557-1225078347D6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {754F227C-CF6A-4498-8DF5-BEC811315B71} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {754F227C-CF6A-4498-8DF5-BEC811315B71} - (no file) (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A5BF1F47-472C-46D2-B66E-88A24E3BBCF4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5BF1F47-472C-46D2-B66E-88A24E3BBCF4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B1FAE686-C215-46EC-B0D4-23CA5E69A9BF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B1FAE686-C215-46EC-B0D4-23CA5E69A9BF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B7451BE7-E09F-43E3-939E-3ECEE9E9322B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7451BE7-E09F-43E3-939E-3ECEE9E9322B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B76E66A9-9EF4-40C2-9EF9-413CFB698C97} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B76E66A9-9EF4-40C2-9EF9-413CFB698C97} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8A0CDB4-9822-4274-9DB8-CA61E4E3EED2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8A0CDB4-9822-4274-9DB8-CA61E4E3EED2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C6C87681-2ADC-4A8E-B6FF-8F453A80DBC8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C6C87681-2ADC-4A8E-B6FF-8F453A80DBC8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C82BE453-AC50-442C-82B5-5ACCE5FAEDC7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C82BE453-AC50-442C-82B5-5ACCE5FAEDC7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D53792FF-1407-4EB5-B39B-BB17378CD6EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D53792FF-1407-4EB5-B39B-BB17378CD6EE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E92A2E95-ACE4-415D-AD39-77D718F983EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E92A2E95-ACE4-415D-AD39-77D718F983EC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F6A67655-4208-470D-90A1-6B0DC8444969} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F6A67655-4208-470D-90A1-6B0DC8444969} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F8E28047-5385-436B-8A3C-E66E2E481806} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F8E28047-5385-436B-8A3C-E66E2E481806} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1862.exe
O20 - AppInit_DLLs: v2jl37tnejwy4idll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q5622504_disk.dll


- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files:
C:\WINDOWS\q5622504_disk.dll
v2jl37tnejwy4idll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
C:\WINDOWS\System32\PR48SM~1.DLL (<- Note that the "~" in this filename is a placeholder indicating random characters. The real name of the file you want to delete will begin with PR48SM, have a few random characters after that, and will end in .DLL)

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):

Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

3. Reboot normally run HJT again, and post a new log.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.