Go Back Forums > General > Operating Systems
Operating Systems Is Windows 8.1 giving you a hard time ? Wanna try out Windows 10 ?

Thread Tools Display Modes
Driving Me Up the Walls!! Help Please....
Maha Guru
Videocard: GTX 670
Processor: Intel 3870K
Memory: 8GB DDR3 1600
Soundcard: Realtek HD Audio
PSU: 650 Watt Modular
Default Driving Me Up the Walls!! Help Please.... - 04-16-2007, 22:00 | posts: 2,603

Ok, I am very skilled at computers and what not. But for some odd reason I think I had downloaded an infected installation file that was filled with some adware/spyware bull crap. So I ran the trifecta of scans. Spybot, Adaware, and Counterspy. Got rid of most of it. Reboot and rescan. But there is something still remaining from the spy attack.

The thing at the end that blinks incessantly. The question mark and then the crossout signal thing on the far right. Over and over again and tries to launch to an adware site to download bull crap and what not. Ok So I use firefox, ran also Hijackthis and ran virus scans up the wazoo but I can't get this to go away. I also checked the startup and nothing is wrong. But for all intensive purposes I post below my startup.

Just to provide as much as possible. Here is the hijackthis file as well.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hiro1000\Desktop\hijackthis_sfx\HijackThi s.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
I also notice that Windows Defender refuses to start or do anything really. Which is odd. But if any other info is needed I can surely post it.

Please help get rid of this thanks alot.

Reply With Quote
Master Guru
Arthas's Avatar
Videocard: Leadtek 9600GT 1GB @ 22"
Processor: A64 3200+ 939-pin
Mainboard: Asus A8N-SLI
Memory: 2GB G.Skill
Soundcard: Onboard :\
Default 04-17-2007, 02:29 | posts: 386 | Location: Israel

A friend of mine had that virus on his old computer(Windows XP PRO)
this virus could not be deleted even in safemode or DOS, what we did is downloaded AVG Anti Spyware and it went off, no other anti spyware could do that job, gl.

try doing that in normal mode and in safe mode.
if that doesn't work you can only reinstall windows because that virus infects all the computer programs and duplicates it self.
Reply With Quote
Member Guru
rpeter381's Avatar
Videocard: NVIDIA GeForce GTX 550 Ti
Processor: 3.30 gigahertz AMD Phenom
Mainboard: FOXCONN A76GMV 1.0
Memory: 8192 Megabytes
PSU: 700 Watt
Default 04-17-2007, 21:02 | posts: 49 | Location: uk

Try running the free version of superantispyware.
Also look here if it fails
Reply With Quote
Ancient Guru
volkov956's Avatar
Videocard: GTX 1080 TI
Processor: Xeon 6 Core 3.5ghz
Memory: 24GB DDR3 1333
Soundcard: XFI Titatnium Pro Elite
PSU: 1100W Custom PSU
Default 04-18-2007, 07:39 | posts: 6,087 | Location: BC Canada

wow in the last week 3 people have brought me computer with taht sucker on there i starting to wonder why or where everyone getting it
Reply With Quote
Maha Guru
Videocard: GTX 670
Processor: Intel 3870K
Memory: 8GB DDR3 1600
Soundcard: Realtek HD Audio
PSU: 650 Watt Modular
Default 04-18-2007, 11:43 | posts: 2,603

Well I said F it and reformatted. That sucker is one tough SOB. I tried one final rally, safe mode bunch of scans, deleting the files I knew were a part of it. Nope couldn't get it. The ba$t@rd replicates itself over and over and changed the icon. Meh, I needed a reformat anyways. Thanks for the help guys I appreciate it.
Reply With Quote
Maha Guru
Videocard: Sapphire R9 Fury Nitro
Processor: AMD FX-8300 @ 4.5Ghz
Mainboard: Asus 970 Pro Aura
Memory: 16GB Kingston HyperX 1866
Soundcard: Onboard
PSU: Thermaltake Smart M850W
Default 04-18-2007, 15:16 | posts: 1,153 | Location: Tonawanda, NY

For future reference, this would have cleaned it up:*****Fix.php

I ran that on 2 different machines with this problem recently and it worked great.

Reply With Quote
Maha Guru
Videocard: GTX 670
Processor: Intel 3870K
Memory: 8GB DDR3 1600
Soundcard: Realtek HD Audio
PSU: 650 Watt Modular
Default 04-18-2007, 21:10 | posts: 2,603

Hey thanks for that, I will keep that on my usb key for future (hopefully not) occurrences.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
vBulletin Skin developed by:
Copyright (c) 2017, All Rights Reserved. The Guru of 3D, the Hardware Guru, and 3D Guru are trademarks owned by Hilbert Hagedoorn.