Browser problem


  • This topic is locked

#1 NOTEVER (Member, 167 posts)
Each time I log on to the internet my homepage doesn't load; sometimes it opens with a [bleep]-type advertisement. I have run AdAware, Ewido, Spybot and AVG. One or two things were found and removed, but the internet problem still persists. Can't get to my email account, although I can get to GTG. Log below in the hope something's there.

Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 22:07:22, on 01/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallb...d.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.sp...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 Shaba (Malware Expert, MVP, 558 posts)
Hi NOTEVER

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe
  • Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.
Open HijackThis, click do a system scan only and checkmark these:

O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84


Close all windows, including your browser, and press Fix checked.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please remove ewido anti-spyware from add/remove programs; it's now called AVG Anti-Spyware and updated.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update successful message.
    Note: If the Update now option is grayed out, follow the steps below.
  • Click on Update on the toolbar.
  • Under Manual update, click on the Start Update button.
  • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Please download ATF Cleaner by Atribune and save it to your desktop. Don't use it yet.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok, then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________


Please post:
  • c:\fixwareout\report.txt
  • AVG Anti-Spyware log
  • A new HijackThis log
You may need several replies to post the requested logs; otherwise they might get cut off.

#3 NOTEVER (Topic Starter, Member, 167 posts)
Thanks Shaba. Here are the logs as requested

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSFUU.EXE 51,724 2006-11-08
C:\WINDOWS\SYSTEM32\DMYVV.EXE 60,432 2001-08-18

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:00:10 PM 12/2/2006

+ Scan result:



C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP15\A0014072.inf -> Adware.AntiAwarePro : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017765.dll -> Adware.Baidu : Cleaned with backup (quarantined).
C:\Program Files\CNNIC\Cdn\cdnforie.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017836.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030756.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030989.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031216.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP38\A0031679.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034607.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017827.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017831.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017841.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017847.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017848.exe -> Downloader.Delf.ayf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017829.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017830.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017832.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017833.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017834.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017835.exe -> Downloader.Delf.bau : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034744.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034745.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034746.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034747.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034748.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034749.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034750.exe -> Downloader.Delf.bcv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0017828.sys -> Downloader.Small.npa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kdsxr.exe -> Downloader.Zlob.aty : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030957.exe -> Trojan.Sinowal.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034797.exe -> Trojan.Sinowal.bi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030855.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030991.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030992.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031225.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP38\A0031816.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP38\A0032103.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0033491.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034690.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0019229.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0019268.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0019336.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0020335.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0021337.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0025554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0026554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0027554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0028554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0029554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030554.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030613.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030623.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030744.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030757.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030931.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP32\A0030965.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031167.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031183.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP33\A0031196.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP34\A0031328.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034842.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034844.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034845.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034846.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034847.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034848.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034849.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034850.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4052D5C3-EB59-4DEF-A854-663C6869D0DA}\RP41\A0034851.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csfuu.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 15:10:17, on 02/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallb...d.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.sp...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
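The two O17 lines Shaba has NOTEVER fix in post #2 (the TCP/IP NameServer entries pointing at 85.255.113.132 and 85.255.112.84) and the "five digit cs, dm and jb files" search in the Fixwareout report above are both detection heuristics that can be scripted. The Python below is an added example written for this page; it is not part of HijackThis, Fixwareout or anything posted in the thread. The sample log text and directory listing are constructed from the entries above (the all-A GUID entry and the CMD.EXE decoy, with its size and date, are made up), and the trusted-resolver allowlist is an assumed parameter that the caller supplies; RFC 1918 and loopback addresses are treated as an expected home-router resolver.

```python
import ipaddress
import re
from typing import Dict, List, Sequence

# Constructed sample: HijackThis-style lines modelled on the logs posted in this
# thread, plus one made-up O17 entry (all-A GUID) that points at a home router.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Constructed listing in the Fixwareout report format: the first two names come
# from the report above; CMD.EXE is a decoy with a made-up size and date.
SAMPLE_SYSTEM32_LISTING = r"""
C:\WINDOWS\SYSTEM32\CSFUU.EXE 51,724 2006-11-08
C:\WINDOWS\SYSTEM32\DMYVV.EXE 60,432 2001-08-18
C:\WINDOWS\SYSTEM32\CMD.EXE 50,000 2001-08-18
"""

# O17 lines name the Tcpip interface key and its NameServer value.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+?)\s*$")
# Fixwareout's "five digit cs, dm and jb files" heuristic: a two-letter prefix,
# three more letters, and an .exe extension (eight characters with extension).
FIVE_CHAR_RE = re.compile(r"^(cs|dm|jb)[a-z]{3}\.exe$", re.IGNORECASE)


def parse_o17(log_text: str) -> List[Dict[str, object]]:
    """Extract every O17 (TCP/IP NameServer) entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # Windows stores NameServer as a space- or comma-separated list.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append({"key": m.group("key"), "servers": servers})
    return entries


def flag_nameservers(log_text: str, trusted_networks: Sequence[str] = ()) -> List[Dict[str, str]]:
    """Return every O17 resolver that is neither private/loopback nor in the
    caller-supplied allowlist (assumed parameter, e.g. the ISP's resolvers)."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    flagged = []
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                flagged.append({"key": entry["key"], "server": server,
                                "reason": "not an IP address"})
                continue
            if ip.is_private or ip.is_loopback or any(ip in n for n in nets):
                continue  # home router or an allowlisted resolver
            flagged.append({"key": entry["key"], "server": server,
                            "reason": "public resolver outside the trusted list"})
    return flagged


def find_suspect_five_char_names(listing: str) -> List[str]:
    """Apply the cs/dm/jb name heuristic to a directory listing. As the
    Fixwareout report warns, this can match legitimate files, so the result is
    a candidate list for hash lookup, not a deletion list."""
    hits = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        path = line.split()[0]            # system32 paths carry no spaces
        basename = path.rsplit("\\", 1)[-1]
        if FIVE_CHAR_RE.match(basename):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for f in flag_nameservers(SAMPLE_HJT_LOG):
        print(f"O17 {f['server']:16} {f['reason']}  ({f['key']})")
    for p in find_suspect_five_char_names(SAMPLE_SYSTEM32_LISTING):
        print(f"candidate: {p}")
```

Run against the sample, the two O17 entries yield four flagged resolver hits (each of the two addresses appears under both the CCS and CS1 control sets, exactly as in the posted log), the router entry is ignored, and the listing yields CSFUU.EXE and DMYVV.EXE but not CMD.EXE. Passing the ISP's own resolver ranges in `trusted_networks` is what keeps a legitimate static DNS configuration from being flagged.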

#4 Shaba (Malware Expert, MVP, 558 posts)
Hi

Delete these:

C:\WINDOWS\SYSTEM32\DMYVV.EXE
C:\Program Files\CNNIC\

Empty Recycle Bin

Open HijackThis, click do a system scan only and checkmark these:

O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84


Close all windows, including your browser, and press Fix checked.

Re-run fixwareout

Send:

- a fresh HijackThis log
- fixwareout report

Edited by Shaba, 02 December 2006 - 10:23 AM.


#5 NOTEVER (Topic Starter, Member, 167 posts)
Logfile of HijackThis v1.99.1
Scan saved at 16:57:24, on 02/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallb...d.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.sp...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

#6
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Good

This is the next step:

You are quite behind on your Windows Updates and Patches!!

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here to get WinXP SP1a: http://www.microsoft.com/downloads/details...&DisplayLang=en

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
Click here for Windows Update: http://www.windowsupdate.com/

After installing all the Patches and updates, reboot, then post a fresh Hijack This log.

#7
NOTEVER

    Member

  • Topic Starter
  • Member
  • 167 posts
Followed your instructions but unfortunately hit some problems. Installed SP1a, then the updates, but when trying to restart, the PC wouldn't boot normally, and each time I tried I got a very quick flash of what looked like the BSOD, then the screen with the safe mode etc. options. Eventually I had to use the system restore option, which is where I am now. I have run HJT (log below) and await your instructions.

Cheers

Logfile of HijackThis v1.99.1
Scan saved at 21:09:20, on 02/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\New Programs\FATALERRORFILE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.homecallb...d.com/customer/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\New Programs\ADOBEACROBAT\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Zone Labs Client] "D:\New Programs\FATALERRORFILE\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] D:\New Programs\FATALERRORFILE\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ruby-roses.sp...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161268279966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Go there and post back what it said.

#9
NOTEVER

    Member

  • Topic Starter
  • Member
  • 167 posts
Thank you for running the Windows Validation Assistant. It appears that your Windows Product Key is valid.

#10
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

You seem to be running both AVG and CA antivirus. Please remove one of them.

Also, have you lately been using Registry Repair Pro? If possible, post a log of what it has removed.
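Two findings in this thread are mechanical enough to check with a script rather than by eye: the O17 lines in the log in post #7, whose NameServer values point at public addresses rather than the home router or the ISP's resolvers (the kind of entry the Fixwareout tool run earlier in the thread targets), and the two antivirus vendors among the O23 services that Shaba points out above. The following triage helper is an added example for this thread, not code from Geeks to Go or from HijackThis itself. The sample log is a constructed excerpt of lines copied from the post #7 log, the `trusted` resolver allowlist is an assumption the analyst supplies (here a placeholder LAN range), and the vendor keyword map is constructed to cover only the products named in this thread.

```python
"""Triage helpers for HijackThis-style log lines: flag O17 NameServer entries that are
neither on the LAN nor in a trusted resolver list, and list which antivirus vendors own
O23 services (more than one engine installed at once is the point raised above)."""
import re
from ipaddress import ip_address, ip_network

# Constructed excerpt modelled on lines from the log posted above; not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{711164E7-2FE8-4520-B8A2-3628C221B948}: NameServer = 85.255.113.132 85.255.112.84
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\New Programs\FATALERRORFILE\ewido anti-spyware 4.0\guard.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")
# The "(ShortName)" part is optional: some services in the log above have none.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)

# Constructed vendor-to-product map covering the engines named in this thread (assumption).
AV_VENDOR_KEYWORDS = {
    "grisoft": "AVG",
    "computer associates": "CA (VET)",
}


def parse_hjt(text):
    """Return a list of dicts for the O17 and O23 lines; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            # HijackThis separates multiple resolvers with spaces or commas.
            servers = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s]
            entries.append({"section": "O17", "key": m["key"], "servers": servers})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({"section": "O23", "name": m["name"], "short": m["short"],
                            "vendor": m["vendor"], "path": m["path"]})
    return entries


def flag_dns(entries, trusted=()):
    """Return (registry key, address) pairs for O17 resolvers that are neither on a
    private LAN range (the home router) nor inside one of the trusted networks.
    `trusted` is an analyst-supplied allowlist of the ISP's resolver ranges (assumed)."""
    trusted_nets = [ip_network(t, strict=False) for t in trusted]
    flagged = []
    for e in entries:
        if e["section"] != "O17":
            continue
        for raw in e["servers"]:
            try:
                ip = ip_address(raw)
            except ValueError:
                flagged.append((e["key"], raw))  # an unparsable value is itself worth a look
                continue
            if ip.is_private or any(ip in net for net in trusted_nets):
                continue
            flagged.append((e["key"], raw))
    return flagged


def antivirus_products(entries):
    """Sorted product names whose O23 vendor string matches a known antivirus vendor."""
    found = set()
    for e in entries:
        if e["section"] != "O23":
            continue
        vendor = e["vendor"].lower()
        for keyword, product in AV_VENDOR_KEYWORDS.items():
            if keyword in vendor:
                found.add(product)
    return sorted(found)


def triage(text, trusted=()):
    """Human-readable findings: off-LAN resolvers first, then duplicate AV engines."""
    entries = parse_hjt(text)
    findings = []
    for key, ip in flag_dns(entries, trusted):
        findings.append(f"O17 resolver {ip} under {key} is not a LAN or trusted address")
    products = antivirus_products(entries)
    if len(products) > 1:
        findings.append("Multiple antivirus engines installed: " + ", ".join(products))
    return findings


if __name__ == "__main__":
    # Placeholder LAN range standing in for the router the ISP modem hands out (assumption).
    for finding in triage(SAMPLE_LOG, trusted=["192.168.1.0/24"]):
        print(finding)
```

Both O17 keys (CCS and CS1, the current and a previous control set) are reported separately, because cleaning only the active set leaves the stale entry to be restored on a reboot into "Last Known Good". Private-range resolvers are never flagged, which is the right default for a home PC behind a router; on a network whose ISP hands out public resolver addresses, put those ranges in `trusted` so the script only reports what differs from them.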

#11
NOTEVER

    Member

  • Topic Starter
  • Member
  • 167 posts
What's CA antivirus? Sorry, I don't know what that is. I've used Windows Registry Repair Pro, but can't find any log, sorry.

#12
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
This one -> O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe

I asked about Registry Repair Pro because I think it may have removed something which prevents installation of SP1a.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

#13
NOTEVER

    Member

  • Topic Starter
  • Member
  • 167 posts
A4 TECH USB PC Camera H
Acala DVD Copy 2.3.3
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
AVG Anti-Spyware 7.5
AVG Free Edition
Canon CanoScan Toolbox 4.5
EasyCleaner
HijackThis 1.99.1
ImgBurn (Remove Only)
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Manual CanoScan 3200,3200F
Microsoft Office 2000 SR-1 Standard
NVIDIA Display Driver
OmniPage SE 2.0
PhotoStudio
PPLive 1.1.0.1
ppStream 1.0
QuickTime
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
SpeedTouch USB Software
Spybot - Search & Destroy 1.4
USB Modem Optimiser
Vodafone 804SS USB driver Software
VSO CopyToDVD 4
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Registry Repair Pro
ZoneAlarm

#14
Shaba

    Malware Expert

  • Member
  • 558 posts
  • MVP
Hi

Next, try a repair installation of Windows and after that, try to re-install SP1a and tell me if it worked.

#15
NOTEVER

    Member

  • Topic Starter
  • Member
  • 167 posts
Shaba

Put my recovery disk in and it started to load files, with no "R" option to repair. It appears to be loading Windows again.

Thanks