Error Message for windows

F

fattydq

New Member
When I started my computer today I received a popup error message that said error loading C:\windows\system32\lwisys16080112.dll. A popup also keeps coming at the bottom of the screen saying that I am infected with spyware, and changing my desktop background to an error/warning message. I am running XP on a Dell Dimension. Here's my hijack this file

Logfile of HijackThis v1.99.1
Scan saved at 12:49:36 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\lpcywinp.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\qwerty12.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\system32\perfs.exe
C:\windows\system32\routing.exe
C:\windows\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\inf\svchosts.exe
C:\windows\system32\inf\svchosts.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.systemsecure.org/? CLICK YES TO ENTER WEBSITE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...000000&C=1062054000000&D=0&I=6.2B4JU&N=PL&O=I
F2 - REG:system.ini: UserInit=C:\windows\system32\lpcywinp.exe,C:\windows\system32\userinit.exe
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {1084502e-40d7-407b-b203-81f717555380} - C:\windows\system32\loc595.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {40FA91A8-C564-4B0D-A9F1-0700ED3B4C0B} - C:\windows\system32\dfrgre.dll
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\windows\system32\egmulhxk.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\system32\x7Mnj4MA.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\windows\system32\tmp1.tmp.dll
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {929BC6E1-F2AD-4541-AA1F-FFFBDBE2037E} - C:\windows\system32\jkhhfda.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {C97A6830-DDDB-A352-D178-8CADDCE621E1} - C:\windows\system32\gnxcfqxf.dll (file missing)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Tzb] "C:\Program Files\Common Files\??mbols\taskmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1537d41ea5da85f39b05/netzip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - AppInit_DLLs: c:\windows\system32\pmkhhig.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loc595 - C:\windows\SYSTEM32\loc595.dll
O23 - Service: DomainService - Unknown owner - C:\windows\system32\qwerty12.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\windows\system32\routing.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
I'm also getting popups saying that I have trojandownloader.xs and other various trojans from windows security...
 
Here it is. My computer is very unstable, with the internet working for only several minutes at a time, I've gotten the NT Authority/System shutdown msg several times (though it's not the blaster worm, I scanned for it several times) and my computer will not system restore or shutdown properly. And this is all even after running the fully updated AVG software you directed me to...:confused:




Logfile of HijackThis v1.99.1
Scan saved at 8:34:58 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\inf\svchosts.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.systemsecure.org/? CLICK YES TO ENTER WEBSITE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...000000&C=1062054000000&D=0&I=6.2B4JU&N=PL&O=I
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: (no name) - {1084502e-40d7-407b-b203-81f717555380} - C:\windows\system32\loc595.dll (file missing)
O2 - BHO: (no name) - {40FA91A8-C564-4B0D-A9F1-0700ED3B4C0B} - C:\windows\system32\dfrgre.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\system32\x7Mnj4MA.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\windows\system32\tmp1.tmp.dll (file missing)
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {929BC6E1-F2AD-4541-AA1F-FFFBDBE2037E} - C:\windows\system32\jkhhfda.dll (file missing)
O2 - BHO: (no name) - {C97A6830-DDDB-A352-D178-8CADDCE621E1} - C:\windows\system32\gnxcfqxf.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1537d41ea5da85f39b05/netzip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loc595 - loc595.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 
Just ran an updated version of AVG and it did remove several different things. Here's another hjt log...



Logfile of HijackThis v1.99.1
Scan saved at 10:41:56 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\inf\svchosts.exe
C:\windows\alg.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wuauclt.exe
c:\windows\alg.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.systemsecure.org/? CLICK YES TO ENTER WEBSITE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...000000&C=1062054000000&D=0&I=6.2B4JU&N=PL&O=I
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O2 - BHO: (no name) - {1084502e-40d7-407b-b203-81f717555380} - C:\windows\system32\loc595.dll (file missing)
O2 - BHO: (no name) - {40FA91A8-C564-4B0D-A9F1-0700ED3B4C0B} - C:\windows\system32\dfrgre.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\windows\system32\x7Mnj4MA.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\windows\system32\tmp1.tmp.dll (file missing)
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {929BC6E1-F2AD-4541-AA1F-FFFBDBE2037E} - C:\windows\system32\jkhhfda.dll (file missing)
O2 - BHO: (no name) - {C97A6830-DDDB-A352-D178-8CADDCE621E1} - C:\windows\system32\gnxcfqxf.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1537d41ea5da85f39b05/netzip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: loc595 - loc595.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 
Your log is still badly infected.

Please download AVG Anti-Spyware from HERE and save that file to your desktop.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon Update.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  5. Once in the Settings screen click on Recommended actions and then select Quarantine.
  6. Under Reports
    • Select Do not automatically generate reports
    • Un-Select Only if threats were found
  7. Please close AVG Antispyware without running a scan.

You may wish to print these instructions, or copy them to a Notepad document, as you will be unable to access the Internet while in Safe Mode to read from this site.

Please reboot into Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).

Please open AVG Anti-Spyware
  • Run a complete system scan with AVG Anti-Spyware.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware
  • Reboot into Normal Mode

1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

Please post
  • The AVG Antispyware Report
  • The ComboFix report
  • A new HijackThis log
 
You must log in or register to reply here.
Back
Top