Virus or spyware

  Ged D 23:33 16 Dec 04
Locked

Can anyone help me? I am currently using Windows XP and have avast anti-virus, and I keep getting this message: you have a virus. I don't seem to be able to get any info on it. I think it might be spyware, as when I run Noadware it comes up with a severe danger under parasite. This says it removes it, but I go to do something and I get this message again: you have a virus: Win32:Trojano-173 [Trj]. Has anyone got any advice, or does anyone know how to get rid of this without me formatting my machine?


Many thanks Ged D

  NickyK 23:54 16 Dec 04

For an excellent review of the best (and worst) spyware tools, try click here.

In my opinion, you'd be better off with Ad-Aware Personal Edition, and Spybot Search and Destroy (both free) than Noadware. (Add Spyware Blaster as a kinda spyware blocker - also free).

You could also try scanning with an on-line virus scanner such as Panda Active Scan (free) which may remove what other things don't.

  Cook2 00:03 17 Dec 04

Have you tried the Avast! Cleaner?

  Nellie2 00:21 17 Dec 04

Could you download hijackthis from click here, extract it into its own folder and then run it? Click on the 'do a system scan and save logfile' button and post the whole log as a reply here. You may need to do it in two posts as there is an 800 word limit here.

Please don't fix anything until you hear back from me as a lot of what hijackthis lists is useful and even essential to the running of your pc.

  Ged D 18:09 17 Dec 04

Logfile of HijackThis v1.99.0
Scan saved at 5:57:42 PM, on 12/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\javazc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Ged\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fgduy.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fgduy.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\brajz.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fgduy.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\brajz.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\brajz.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {07058BA3-7AA4-113B-9631-087033B78712} - C:\WINDOWS\system32\d3at.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

  Ged D 18:11 17 Dec 04

O2 - BHO: (no name) - {07058BA3-7AA4-113B-9631-087033B78712} - C:\WINDOWS\system32\d3at.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [winae.exe] C:\WINDOWS\winae.exe
O4 - HKLM\..\RunOnce: [javazc.exe] C:\WINDOWS\javazc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A98F43F-05DA-4471-B497-125533E428D4}: NameServer = 195.93.35.134
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\crpi32.exe (file missing)
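
An added example, not part of the original thread and not the helper's own method: a small Python triage pass over HijackThis log lines like the ones posted above. The heuristics in `RULES` are assumptions chosen for illustration; a flagged line is a candidate for review, not a verdict, since much of what HijackThis lists is legitimate.

```python
import re

# Constructed sample: seven lines taken from the log posted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fgduy.dll/sp.html#29126
O2 - BHO: (no name) - {07058BA3-7AA4-113B-9631-087033B78712} - C:\WINDOWS\system32\d3at.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [javazc.exe] C:\WINDOWS\javazc.exe
O15 - Trusted Zone: *.awmdabest.com
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\crpi32.exe (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # "<section code> - <detail>"

# Review heuristics assumed for this example; they are not HijackThis rules
# and not the thread helper's procedure.
RULES = [
    (("R0", "R1"), re.compile(r"= res://.+\.dll/", re.I), "IE search/start page served from a local DLL"),
    (("O2",), re.compile(r"\(no name\)"), "unnamed Browser Helper Object"),
    (("O4",), re.compile(r'\] "?C:\\WINDOWS\\[^\\]+\.exe', re.I), "autorun executable directly in C:\\WINDOWS"),
    (("O15",), re.compile(r"Trusted (Zone|IP range): \S"), "entry added to the IE Trusted zone"),
    (("O23",), re.compile(r"\(file missing\)"), "service whose binary is missing"),
]

def parse(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def triage(log_text):
    """Return (section, reason, detail) for entries worth reviewing first."""
    flagged = []
    for section, detail in parse(log_text):
        for sections, pattern, reason in RULES:
            if section in sections and pattern.search(detail):
                flagged.append((section, reason, detail))
                break
    return flagged

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE):
        print(f"{section:4} {reason}: {detail}")
```
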

  Nellie2 19:38 17 Dec 04

Please download ServiceFilter. click here

Unzip ServiceFilter.zip to a convenient folder like C:\ServiceFilter. <-- this is very important, it will not work properly from inside the zip file.

Navigate to where you unzipped it and double-click on ServiceFilter.vbs.

If you have an active anti-virus it might prevent the script from starting. Please allow the script to run.

It will open a text file (POST_THIS.TXT) that lists all of the irregular services.
Press Ctrl + A simultaneously to select all of the text.

Copy and paste the whole thing into your next post.

A copy of POST_THIS.TXT is saved to where ServiceFilter.vbs was saved just in case you accidentally close out of it.

This will just give me a list of unknown services on your PC... I can see from the hijackthis log that you have the bad service, but I need to know its full name.

  Ged D 20:39 17 Dec 04

Hi Nellie2
You have been a big help to me and I am very grateful, but I have opted out and will just format the PC. Once again, thanks for the time you have put in to this. Thanks, Ged

By the way, are you an IT engineer?

  Nellie2 21:26 17 Dec 04

Oh... shame! :( No, I'm not an IT engineer, I don't even work in IT.

This thread is now locked and can not be replied to.
