# need help removing some nasty spyware



## cdawall (Sep 22, 2007)

i have winantivirus2007 that somehow snuck onto my drive when i let my little bro use my PC...perfect point to how no good deed goes unpunished


anyone know how to kill this crap cause avast and spybot fail at it and mcafee isnt good for anythong but a paperweight

here is my log file off of hijackthis


```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:54 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\crusty.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~3\PopUp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - C:\WINDOWS\system32\wvuvwuu.dll
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - C:\WINDOWS\system32\mlrqenmj.dll
O2 - BHO: (no name) - {E9D4EBA6-5C96-48EF-8217-941899ADC4FB} - C:\WINDOWS\system32\gebcd.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O20 - AppInit_DLLs:  C:\WINDOWS\System32\mshta.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll
O20 - Winlogon Notify: wincwg32 - wincwg32.dll (file missing)
O20 - Winlogon Notify: wvuvwuu - C:\WINDOWS\SYSTEM32\wvuvwuu.dll
O22 - SharedTaskScheduler: bals - {7916f057-223f-4612-ac84-e882cbe043d4} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe

--
End of file - 8678 bytes
```


thanks to anyone who helps.....


----------



## Namslas90 (Sep 22, 2007)

Try MRT.


----------



## technicks (Sep 22, 2007)

Send me your mail address.

I will try to help.


----------



## cdawall (Sep 22, 2007)

thanks

and running mrt.exe right now


----------



## Ben Clarke (Sep 22, 2007)

These are the registry keys created by it, if it helps...

HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL
HKEY_CLASSES_ROOT\AppID\compcln.dll
HKEY_CLASSES_ROOT\AppID\FFWraper.DLL
HKEY_CLASSES_ROOT\AppID\FixCore.DLL
HKEY_CLASSES_ROOT\AppID\MMFixCtrl.DLL
HKEY_CLASSES_ROOT\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
HKEY_CLASSES_ROOT\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
HKEY_CLASSES_ROOT\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_CLASSES_ROOT\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
HKEY_CLASSES_ROOT\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
HKEY_CLASSES_ROOT\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
HKEY_CLASSES_ROOT\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
HKEY_CLASSES_ROOT\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
HKEY_CLASSES_ROOT\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
HKEY_CLASSES_ROOT\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
HKEY_CLASSES_ROOT\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
HKEY_CLASSES_ROOT\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
HKEY_CLASSES_ROOT\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
HKEY_CLASSES_ROOT\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
HKEY_CLASSES_ROOT\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
HKEY_CLASSES_ROOT\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
HKEY_CLASSES_ROOT\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
HKEY_CLASSES_ROOT\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
HKEY_CLASSES_ROOT\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
HKEY_CLASSES_ROOT\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
HKEY_CLASSES_ROOT\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
HKEY_CLASSES_ROOT\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
HKEY_CLASSES_ROOT\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
HKEY_CLASSES_ROOT\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
HKEY_CLASSES_ROOT\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
HKEY_CLASSES_ROOT\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
HKEY_CLASSES_ROOT\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
HKEY_CLASSES_ROOT\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
HKEY_CLASSES_ROOT\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
HKEY_CLASSES_ROOT\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
HKEY_CLASSES_ROOT\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
HKEY_CLASSES_ROOT\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
HKEY_CLASSES_ROOT\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
HKEY_CLASSES_ROOT\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
HKEY_CLASSES_ROOT\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
HKEY_CLASSES_ROOT\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
HKEY_CLASSES_ROOT\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
HKEY_CLASSES_ROOT\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
HKEY_CLASSES_ROOT\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
HKEY_CLASSES_ROOT\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_CLASSES_ROOT\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
HKEY_CLASSES_ROOT\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
HKEY_CLASSES_ROOT\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
HKEY_CLASSES_ROOT\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
HKEY_CLASSES_ROOT\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
HKEY_CLASSES_ROOT\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CompCleanCore.AppCleaner
HKEY_CLASSES_ROOT\CompCleanCore.AppCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.CCQuickScan
HKEY_CLASSES_ROOT\CompCleanCore.CCQuickScan.1
HKEY_CLASSES_ROOT\CompCleanCore.FileCleaner
HKEY_CLASSES_ROOT\CompCleanCore.FileCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.InetCleaner
HKEY_CLASSES_ROOT\CompCleanCore.InetCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.RegCleaner
HKEY_CLASSES_ROOT\CompCleanCore.RegCleaner.1
HKEY_CLASSES_ROOT\CompCleanCore.SystemCleaner
HKEY_CLASSES_ROOT\CompCleanCore.SystemCleaner.1
HKEY_CLASSES_ROOT\df_fixer.Fixer
HKEY_CLASSES_ROOT\df_fixer.Fixer.1
HKEY_CLASSES_ROOT\df_proxy.DriverManipulate
HKEY_CLASSES_ROOT\df_proxy.DriverManipulate.1
HKEY_CLASSES_ROOT\FFCom.FlFixer
HKEY_CLASSES_ROOT\FFWraper.FFEnginWraper
HKEY_CLASSES_ROOT\FFWraper.FFEnginWraper.1
HKEY_CLASSES_ROOT\FixCore.MMFixCore
HKEY_CLASSES_ROOT\FixCore.MMFixCore.1
HKEY_CLASSES_ROOT\MMFixCtrl.CoFixEngine
HKEY_CLASSES_ROOT\MMFixCtrl.CoFixEngine.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftwareHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Control\SafeBoot\Minimal\df_km.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
HKEY_CURRENT_USER\Software\WinSoftware

Hopefully that helps in removal.


----------



## cdawall (Sep 22, 2007)

anyone want to make that into a nice neat regedit file for me


----------



## Ben Clarke (Sep 22, 2007)

That'd put them in, not take them out.


----------



## Jimmy 2004 (Sep 22, 2007)

Ben Clarke said:


> That'd put them in, not take them out.



You can make ones that delete I think, but I've never looked into it so don't know how I'm afraid. Might be very easy... Google should have the answer. 

I'm not an expert at HijackThis logs - if you went onto the software forums you'd probably get more help, the only thing I would recommend would be to try Spybot and Ad-Aware from safe mode and also give Windows Defender a go. And install SpywareBlaster for the future if you haven't already.


----------



## Ben Clarke (Sep 22, 2007)

Hmm... gimme a minute then, I'll see if I can whip up a key that'll do it.


----------



## Jimmy 2004 (Sep 22, 2007)

Ben Clarke said:


> Hmm... gimme a minute then, I'll see if I can whip up a key that'll do it.



Looks quite easy actually, just put a - in front of it.

Take a look here if you want to read about .reg files.


----------



## Ben Clarke (Sep 22, 2007)

OK, I'm about to make the .reg file. Back up your important files now, I dunno how this works, so I dunno if there's values in those keys that Windows needs, so it might crash it. Here goes nothin, I'll make it now.


----------



## HellasVagabond (Sep 22, 2007)

I good Anti-Malware should do the trick. Did you try Spyware Doctor ?


----------



## Ben Clarke (Sep 22, 2007)

Here it is...


----------



## cdawall (Sep 22, 2007)

HellasVagabond said:


> I good Anti-Malware should do the trick. Did you try Spyware Doctor ?



yeah i tried several of the big name ones

adaware--died after 5mins
s&d--found but could not remove even in safe mode
mtr--still running
mcafee--POS didnt find it at all
ad doctor--found could not remove

tried some lesser known ones as well story basically goes found could not delete

all this cept mtr was done in safemode  im going to give this a go in linux live if all else fails  try and run in that you bastard program


----------



## DRDNA (Sep 22, 2007)

cdawall said:


> im going to give this a go in linux live if all else fails  try and run in that you bastard program



Absolutely  ...put it on another PC as  a  spare  drive  and  scan it  then  install  avgroot kit check  to see  for hiddin installer


----------



## HellasVagabond (Sep 22, 2007)

Did you try to get into safe mode and then do scans ?


----------



## cdawall (Sep 22, 2007)

lol after all this im really tempted to do what i have needed to do since i got my 7800GS reformat and reinstall windows but i dont want to loose all the random crap i have and dont want to spend the time copying it to my oither drive  stupid windows why are you such a pain



HellasVagabond said:


> Did you try to get into safe mode and then do scans ?





cdawall said:


> all this cept mtr was done in safemode


----------



## Ben Clarke (Sep 22, 2007)

lol... well, my reg attempt is always above, if you want to try that. And hey, if it screws up, it gives you the excuse to re-install Windows.


----------



## cdawall (Sep 22, 2007)

Ben Clarke said:


> lol... well, my reg attempt is always above, if you want to try that. And hey, if it screws up, it gives you the excuse to re-install Windows.



lol im not that stupid i set a restore point before im going to attempt that currently im waiting for mtr to finish before i do the regedit


----------



## HellasVagabond (Sep 22, 2007)

I am sure that in safe mode you tried to end some services and tasks via the task manager prior to using the Anti-Virus/Malware...


----------



## cdawall (Sep 22, 2007)

yes i ended everything that i new wasnt supposed to be ther which wasnt hard since ther wer very few programs runnings


----------



## Jimmy 2004 (Sep 22, 2007)

Apparently it could be linked to something called Vundo.

You should try post number four here and let us know how you get on.


----------



## Jimmy 2004 (Sep 22, 2007)

Edit: try AVG Antispyware and A-Squared as well - they're both free and worth a try.


----------



## cdawall (Sep 22, 2007)

that vundofix tool has found a tun of shit should be gone shortly then ill use hijackthis adn bens regedit to make sure all the shits gone


millions of thanks guys and ill post back once ive done all that stuffs


----------



## HellasVagabond (Sep 22, 2007)

Could it possibly be a rootkit ?


----------



## DaMulta (Sep 22, 2007)

Try system restore.


----------



## cdawall (Sep 23, 2007)

i turned off restore a long time ago 


i seem to have fixed it couldnt kill these 3 files though
wvuvwuu.dll
dcbeg.ini
gebcd.dll

but i no longer get popups while running mozilla/ie 

thatnks to all


----------



## HellasVagabond (Sep 23, 2007)

Did you try any rootkit removers ? If not do try...Norton, F-Secure and others have them and they are free...
Check HERE  for a list of many rootkit removers and do try them


----------



## Jimmy 2004 (Sep 23, 2007)

Have you tried running HijackThis in safe mode to remove them?



HellasVagabond said:


> Did you try any rootkit removers ? If not do try...Norton, F-Secure and others have them and they are free...
> Check HERE  for a list of many rootkit removers and do try them



Didn't realise there were so many free ones...


----------



## HellasVagabond (Sep 23, 2007)

When one AV Company releases one the others do the same so they wont fall back on their PR..Its only natural


----------



## cdawall (Sep 25, 2007)

thanks to all  popups are gone


----------



## w2richwood (Sep 25, 2007)

try  trend micro.com there free on line scan its pretty good
Rich


----------

