This topic is locked
1. I am unable to get windows to update, and get the following message: Windows Genuine Advantage Validation Tool (KB892130) I followed a Microsoft thread to fix this manually but it does not seem to work.
2. There is some sort of ghost wallpaper left on my desktop that does not allow me to see my actual desktop, although all of my icons show up on this "ghost". If I move my mouse arrow over the desktop from a program it changes as it recognizes the mouse hitting it. It is not causing a problem that I can see but I wonder if my memory starts getting full due to this issue.
3. I am unable to open a program called infoselect without first getting an error message saying Infoselect has encountered a problem and has had to shut down. Then I start it again and get Infoselect was not closed properly during the last seccion and was temporarily switched into safe mode.Please confirm loading of .ini file. I click cancel and it opens up. Please find below the data I believe I am to include. Thanks for any and all help.
Steve
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:50 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = excite.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: GNX Rolex - {A554EBAE-AB0F-4C22-B623-A38C36B772D8} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206841254515
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - LxrJD31s.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: My Excite - http://www.excite.com/
O24 - Desktop Component 1: Privacy Protection - (no file)
--
End of file - 9817 bytes
Panda threats
MS07-058High+ InfoMS06-045Medium+ InfoMS07-016High+ InfoMS07-057High+ InfoMS06-002High+ InfoMS06-072High+ InfoMS06-042High+ InfoMS06-041High+ InfoMS07-013High+ InfoMS06-040High+ InfoMS07-012High+ InfoMS07-069High+ InfoMS08-002Medium+ InfoMS07-011High+ InfoMS08-001Medium+ InfoMS07-067High+ InfoMS07-061High+ InfoMS06-018Medium+ InfoMS07-064High+ InfoMS07-008High+ InfoMS06-008Medium+ InfoMS07-007High+ InfoMS06-007Medium+ InfoMS06-065Medium+ InfoMS07-050High+ InfoMS07-006Medium+ InfoMS06-006Medium+ InfoMS06-001High+ InfoMS06-064Medium+ InfoMS06-032Medium+ InfoMS06-063Medium+ InfoMS06-036High+ InfoMS06-070High+ InfoMS06-035High+ InfoMS06-030Medium+ InfoMS07-046High+ InfoMS07-045High+ InfoMS06-067High+ InfoMS07-027High+ InfoMS07-043High+ InfoMS07-035High+ InfoMS06-057High+ InfoMS06-025High+ InfoMS07-033High+ InfoMS07-031High+ InfoMS06-022High+ InfoMS06-021High+ InfoMS06-015High+ InfoMS06-013High+ InfoMS07-017High+ InfoMS06-053Medium+ InfoMS06-052Medium+ InfoMS05-049Medium+ InfoMS07-022High+ InfoMS07-021High+ InfoMS07-020High+ InfoMS05-051High+ InfoMS07-019High+ InfoMS05-053High+ InfoMS05-050High+ InfoMS06-051High+ InfoMS06-050Medium+ InfoMS06-055High+ InfoMS06-076High+ InfoMS06-075Medium+ InfoMS06-046High+ Info
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:05:21 PM 4/13/2008
+ Scan result:
Nothing found.
::Report end
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/13/2008 at 05:37 PM
Application Version : 4.0.1154
Core Rules Database Version : 3437
Trace Rules Database Version: 1429
Scan type : Complete Scan
Total Scan Time : 01:56:28
Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 6077
Registry threats detected : 27
File items scanned : 89180
File threats detected : 1
MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-27987841-921125120-4191668413-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-04-14 05:00:06
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Norton AntiVirus 15.0.0.58 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00502546 Application/MyWay HackTools No 0 Yes No C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location O]
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description O]
;===============================================================================
================================================================================
=
===================
184380 MEDIUM MS08-002 O]
184379 MEDIUM MS08-001 O]
182048 HIGH MS07-069 O]
182046 HIGH MS07-067 O]
182043 HIGH MS07-064 O]
179553 HIGH MS07-061 O]
176382 HIGH MS07-057 O]
176383 HIGH MS07-058 O]
170911 HIGH MS07-050 O]
170907 HIGH MS07-046 O]
170906 HIGH MS07-045 O]
170904 HIGH MS07-043 O]
164915 HIGH MS07-035 O]
164913 HIGH MS07-033 O]
164911 HIGH MS07-031 O]
160623 HIGH MS07-027 O]
157262 HIGH MS07-022 O]
157261 HIGH MS07-021 O]
157260 HIGH MS07-020 O]
157259 HIGH MS07-019 O]
156477 HIGH MS07-017 O]
150253 HIGH MS07-016 O]
150249 HIGH MS07-013 O]
150248 HIGH MS07-012 O]
150247 HIGH MS07-011 O]
150243 HIGH MS07-008 O]
150242 HIGH MS07-007 O]
150241 MEDIUM MS07-006 O]
141034 HIGH MS06-076 O]
141033 MEDIUM MS06-075 O]
141030 HIGH MS06-072 O]
137571 HIGH MS06-070 O]
137568 HIGH MS06-067 O]
133387 MEDIUM MS06-065 O]
133386 MEDIUM MS06-064 O]
133385 MEDIUM MS06-063 O]
133379 HIGH MS06-057 O]
131654 HIGH MS06-055 O]
129977 MEDIUM MS06-053 O]
129976 MEDIUM MS06-052 O]
126093 HIGH MS06-051 O]
126092 MEDIUM MS06-050 O]
126087 HIGH MS06-046 O]
126086 MEDIUM MS06-045 O]
126083 HIGH MS06-042 O]
126082 HIGH MS06-041 O]
126081 HIGH MS06-040 O]
123421 HIGH MS06-036 O]
123420 HIGH MS06-035 O]
120825 MEDIUM MS06-032 O]
120823 MEDIUM MS06-030 O]
120818 HIGH MS06-025 O]
120815 HIGH MS06-022 O]
120814 HIGH MS06-021 O]
117384 MEDIUM MS06-018 O]
114666 HIGH MS06-015 O]
114664 HIGH MS06-013 O]
108744 MEDIUM MS06-008 O]
108743 MEDIUM MS06-007 O]
108742 MEDIUM MS06-006 O]
104567 HIGH MS06-002 O]
104237 HIGH MS06-001 O]
96574 HIGH MS05-053 O]
93395 HIGH MS05-051 O]
93394 HIGH MS05-050 O]
93454 MEDIUM MS05-049 O]
;===============================================================================
================================================================================
=
===================
Edited by SteveB240D, 15 April 2008 - 03:54 PM.
Sign In
Create Account
