Browser problem, Browser hijacked
Dec 1 2006, 04:13 PM
Post #1
Member | Posts: 91 | OS: WINDOWS XP
Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 22:07:22, on 01/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallbroadband.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dec 2 2006, 05:41 AM
Post #2
Malware Expert | Posts: 557 | From: Finland | OS: Windows XP
Hi NOTEVER

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Open HijackThis, click do a system scan only and checkmark these:

O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84

Close all windows including browser and press fix checked

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please remove ewido anti-spyware from add/remove programs; it's now called AVG Anti-Spyware and updated.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

AVG manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Please download ATF Cleaner by Atribune and save it to desktop. Don't use it yet.
______________________________

Reboot your computer in Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Next
Click Start, click Control Panel and then double-click Display.
Click on the Desktop tab, then click the Customize Desktop button.
Click on the Web tab.
Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button.
Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
______________________________

Please post:

Dec 2 2006, 09:14 AM
Post #3
Member | Posts: 91 | OS: WINDOWS XP
Thanks Shaba. Here are the logs as requested

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted ...

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM ...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSFUU.EXE 51,724 2006-11-08
C:\WINDOWS\SYSTEM32\DMYVV.EXE 60,432 2001-08-18

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:00:10 PM 12/2/2006
+ Scan result:

C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP15\A0014072.inf -> Adware.AntiAwarePro : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017765.dll -> Adware.Baidu : Cleaned with backup (quarantined).
C:\Program Files\CNNIC\Cdn\cdnforie.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017836.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030756.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030989.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031216.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP38\A0031679.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034607.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017827.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017831.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017841.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017847.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017848.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017829.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017830.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017832.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017833.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017834.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017835.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034744.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034745.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034746.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034747.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034748.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034749.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034750.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017828.sys -> Downloader.Small.npa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kdsxr.exe -> Downloader.Zlob.aty : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030957.exe -> Trojan.Sinowal.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034797.exe -> Trojan.Sinowal.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030855.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030991.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030992.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031225.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP38\A0031816.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP38\A0032103.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0033491.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034690.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0019229.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0019268.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0019336.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0020335.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0021337.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0025554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0026554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0027554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0028554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0029554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030613.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030623.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030744.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030757.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030931.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030965.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031167.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031183.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031196.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP34\A0031328.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034842.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034844.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034845.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034846.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034847.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034848.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034849.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034850.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034851.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csfuu.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 15:10:17, on 02/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallbroadband.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dec 2 2006, 10:22 AM
Post #4
Malware Expert | Posts: 557 | From: Finland | OS: Windows XP
Hi

Delete these:
C:\WINDOWS\SYSTEM32\DMYVV.EXE
C:\Program Files\CNNIC\

Empty Recycle Bin

Open HijackThis, click do a system scan only and checkmark these:

O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84

Close all windows including browser and press fix checked

Re-run fixwareout

Send:
- a fresh HijackThis log
- fixwareout report

This post has been edited by Shaba: Dec 2 2006, 10:23 AM

Dec 2 2006, 10:58 AM
Post #5
Member | Posts: 91 | OS: WINDOWS XP
Logfile of HijackThis v1.99.1
Scan saved at 16:57:24, on 02/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallbroadband.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted ...

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM ...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

Dec 2 2006, 11:05 AM
Post #6
Malware Expert | Posts: 557 | From: Finland | OS: Windows XP
Good

This is the next step:

You are quite behind on your Windows Updates and Patches!! The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here to get WinXP SP1a: http://www.microsoft.com/downloads/details...&DisplayLang=en

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)

Click here for Windows Update: http://www.windowsupdate.com/

After installing all the Patches and updates, reboot, then post a fresh Hijack This log.

Dec 2 2006, 03:09 PM
Post #7
Member | Posts: 91 | OS: WINDOWS XP
Followed your instructions but unfortunately hit some problems. Installed SP1a then the updates but when trying to restart the pc wouldn't boot normally and each time I tried I got a very quick flash of what looked like the BSOD then the screen with the safe mode etc options. Eventually I had to use the system restore option which is were I am now. I have run a HJT BELOW AND AWAIT YOUR INSTRUCTIONS
Cheers

Logfile of HijackThis v1.99.1
Scan saved at 21:09:20, on 02/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallbroadband.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
|
Dec 3 2006, 03:43 AM
Post
#8
|
|
|
Malware Expert Posts: 557 From: Finland OS: Windows XP |
|
|
|
Dec 3 2006, 08:38 AM
Post
#9
|
|
|
Member Posts: 91 OS: WINDOWS XP |
Thank you for running the Windows Validation Assistant. It appears that your Windows Product Key is valid.
|
|
|
Dec 3 2006, 08:50 AM
Post
#10
|
|
|
Malware Expert Posts: 557 From: Finland OS: Windows XP |
Hi
You seem to be running both AVG and CA antivirus. Please remove one of them. Also, have you lately been using Registry Repair Pro? If possible, post a log of what it has removed.
|
|
Dec 3 2006, 09:32 AM
Post
#11
|
|
|
Member Posts: 91 OS: WINDOWS XP |
What's CA antivirus? Sorry, I don't know what that is. I've used Windows Registry Repair Pro but can't find any log though, sorry.
|
|
|