
I have no antivirus - it wont go on [RESOLVED]


  • This topic is locked

#1
Dizzy blonde

Hi,
I have got a problem with the PC (well, obviously, otherwise I would not be posting on here). I am running XP SP2.
For a couple of months I have been having problems with a couple of games that are installed on the PC (Rollercoaster Tycoon and Wildlife Park - kept getting messages that something was corrupt and the games would not load). Then a few weeks ago AVG 7 started acting up (being off when the PC was switched on) and then it wouldn't work, so I uninstalled it and reinstalled it (it didn't want to download, and when it would fully download some of the files kept coming up as being corrupt, so I had to download it from the internet to the other PC and transfer it on a CD; then it went on OK).
Then the monitor screen started going off - there was still power going to the monitor, so I thought, as it was an older CRT model, that it was on its way out, so it has been replaced with my Grandad's CRT monitor that he used for a couple of months before replacing it with a flatscreen - nothing wrong with it. However, the screen continued to go blank (the only way to get anything back on screen was to switch the PC off with the power button; after switching back on it worked fine again for a while before going blank again), so I have replaced the graphics card with one the same.

Currently no antivirus, as AVG started acting up again (before I changed the graphics card). Every time I started to download any antivirus protection I would get an error message or the screen would go off, so all I had was the Windows XP firewall, Spybot and Ad-Aware. A couple of web pages won't display either. Barclays are offering free Kaspersky Internet Security and it won't install as files are once again corrupt.

I have followed the instructions and run ATF Cleaner, a new system restore point, and a Malwarebytes quick scan which brought up 'Backdoor.Bot' (I ran this yesterday and it came up then too and I thought I had it sorted, so slightly puzzled). Here is the file from today:
Malwarebytes' Anti-Malware 1.19
Database version: 927
Windows 5.1.2600 Service Pack 2

19:51:28 06/07/2008
mbam-log-7-6-2008 (19-51-28).txt

Scan type: Quick Scan
Objects scanned: 44297
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I then did superantispyware and scanned both C and D and both are fixed drives and no harmful software was detected, then I did panda active scan, here are the results:
ANALYSIS: 2008-07-06 23:00:00
PROTECTIONS: 0
MALWARE: 2
SUSPECTS: 1

PROTECTIONS
Description Version Active Updated

MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Anti-Malware\Quarantine\b9fe5c584611700e5764ed4a50f4c368.a2q[WINDOWS/system32/dllcache/winlogon.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Anti-Malware\Quarantine\e2a5746ba1bfe899620711d54efb9afc.a2q[hp/bin/KillWind.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Anti-Malware\Quarantine\593bcd2cf66a729a85be129951758eae.a2q[WINDOWS/system32/winlogon.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Anti-Malware\Quarantine\0ec52f12ab20fe692803dfae0a9e7ea3.a2q[WINDOWS/ServicePackFiles/i386/winlogon.exe]

SUSPECTS
Sent Location
No C:\hp\bin\ProcessLogger.exe

VULNERABILITIES
Id Severity Description
182048 HIGH MS07-069
176382 HIGH MS07-057
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016

Here is the uninstall list:

Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Certificate in Web Applications Development CD-ROM
Creative MediaSource
DC-300 TWAIN driver
DLA
Easy-WebPrint
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Gloop!
HandyTools for Web Designer 1.2
Hemera Products
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
hp center
ImageMixer VCD for FinePix
Intel® 845G Chipset Graphics Driver Software
Internet Explorer Q903235
InterVideo WinDVD
Java 2 Runtime Environment Standard Edition v1.3.1_01
KBD
Lizardtech Express View
Malwarebytes' Anti-Malware
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AutoRoute 2002
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard - WE 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Publisher 98
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI NT
NETGEAR WG111v3 wireless USB 2.0 adapter
NOMAD MuVo TX
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7 Anniversary Edition
Panda ActiveScan 2.0
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RAW FILE CONVERTER LE
RealPlayer
RecordNow
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Shockwave
ShowShifter 1.60.1739
Sonic Update Manager
Spybot - Search & Destroy 1.3
SUPERAntiSpyware Free Edition
TC30SP
TT280 software
Tux Paint 0.9.15
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Wildlife Park Gold
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
XElemental
Xtras 2



I didn't do the Windows updates as it updated itself only a couple of days ago and the update was for SP1 and I wasn't too sure whether to or not.

Then I rebooted and winlogon.exe encountered problems - here are the details in the error window:
szAppName: winlogon.exe
szAppVer: 0.0.0.0.
szModName: msv1_0.dll
szModVer: 5.1.26002180
offset: 000068c4

I also had the error message 'your system has recovered from a serious error'. Here are the details:
BCCode: 10000050
BCP1: FFFFDA40
BCP2: 00000000
BCP3: BF9C34E1
BCP4: 00000000
OSVer: 5_1_2600
Product: 768_1

The monitor then decided to go black (screen) and I have had to turn off and then switch it all back on again.
I have tried to go to Tiscali email to get the page with the link to download Kaspersky (Barclays free) and IE will not show the page. I have then tried to download it from a USB flash disk (off the other PC) and when I try and install it I am getting the corrupt files messages again - Error 1335. The cabinet file 'kis7.cab' required for this installation is corrupt and cannot be used - I clicked on ignore and then got a message - internal error 2350.

I have deleted the files and tried to download from the Kaspersky website - I am getting 'cannot install - corrupt' messages again.

If somebody can please help me I will be grateful as I have spent far too long trying to sort this out on my own (and have a 9 year old who is desperate to get back onto the pc)

(post edited to add uninstall list because I forgot)

Edited by Dizzy blonde, 06 July 2008 - 05:28 PM.

  • 0



#2
Mike

Hi there,

Sorry for the delay, it looks like you may have a file infector on board.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

and,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.

Edited by Mike, 13 July 2008 - 07:37 AM.

  • 0

#3
Dizzy blonde

Thank you Mike. Yesterday afternoon after seeing your reply I downloaded DrWeb and the pc promptly crashed so after around 10 minutes I manually turned the pc off (even the windows task manager would not work). When I turned back on I moved the original DrWeb to the trash and downloaded it again, I updated it and got a message in a pop up window with the following error message:
[Virus database] C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar SFX2\093cb477 - failed

I closed the pop up (ctrl + W) and Dr Web did the first scan and found nothing. I then clicked express scan and it found 'rebootnt.exe' and I selected 'cure'. The scan finished with 1 virus found.
I then did the custom scan (drives C+D). The progress bar had 2 green dots in it when I got the following error message:
'setup.exe has encountered a problem and needs to close'. I sent an error report.
Then I had the following error message:
[Virus database] C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar SFX2\e043a942 - failed
I clicked 'OK'
Dr Web crashed and I had to again manually reboot the pc

Once more I started the custom scan and it came up with (I am telling you this because of the PC crashing and the things don't all come up on the final report, so please bear with me):
Trojan.StartPage.1505 (EN-GB-ie.reg) which I clicked yes to cure
Tool.Reboot (rebootnt.exe) no option to do anything

and the following came up too:
C:\Program Files\a-squared Anti-Malware\Quarantine\e2a5746ba1bfe899620711d54efb9afc.a2q
archive contains infected objects. Move? I clicked yes

Tool.ProcessKill

this was 1 third of the way through and the programme crashed again immediately after the error message 'setup.exe encountered a problem and had to close'

I restarted DrWeb and this time I managed to get it to scan all the way through and save a file to the desktop. I then went to close the programme and it asked me what I wanted to do with the incurable file 'rebootnt.exe' I wasn't sure what to do so I double clicked on IE and the screen went black, meaning I had to turn the pc off manually - as I had been around 5 hours getting the scan to go all the way through I left it for the day. Here is the report for DrWeb and I will be shortly trying to do the DSS.

rebootnt.exe;C:\Documents and Settings\Owner\Local Settings\Temp\~vis0000;Tool.Reboot;;
A0454166.reg;C:\System Volume Information\_restore{F598387F-3ED0-4478-B3D8-AD0A44E33B2D}\RP875;Trojan.StartPage.1505;Deleted.;


Thank you once again and I will post the next file once done.
  • 0
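
Added example (not part of the original thread and not Dr.Web's own code): a small triage of the semicolon-separated report lines quoted in the post above, separating findings with no recorded action from findings that sit in inert locations such as a System Restore snapshot or another scanner's quarantine folder. The `name;folder;threat;action;` field meaning is an assumption inferred from the two quoted lines, and the third sample row is constructed.

```python
import csv
import io
from dataclasses import dataclass

# Sample input. Rows 1-2 are the report lines quoted in the post; row 3 is
# CONSTRUCTED for illustration (layout and "Moved." action are assumptions).
SAMPLE_REPORT = r"""rebootnt.exe;C:\Documents and Settings\Owner\Local Settings\Temp\~vis0000;Tool.Reboot;;
A0454166.reg;C:\System Volume Information\_restore{F598387F-3ED0-4478-B3D8-AD0A44E33B2D}\RP875;Trojan.StartPage.1505;Deleted.;
e2a5746ba1bfe899620711d54efb9afc.a2q;C:\Program Files\a-squared Anti-Malware\Quarantine;Tool.ProcessKill;Moved.;
"""


@dataclass
class Finding:
    name: str    # file name reported by the scanner
    folder: str  # folder the file was found in
    threat: str  # detection name
    action: str  # action recorded by the scanner; empty if none


def parse_report(text):
    """Parse report rows, skipping blank or malformed lines."""
    findings = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 4 or not row[0].strip():
            continue
        name, folder, threat, action = (field.strip() for field in row[:4])
        findings.append(Finding(name, folder, threat, action))
    return findings


def classify_location(folder):
    """Classify where a detection lives, by path segment (case-insensitive)."""
    segments = folder.lower().split("\\")
    in_restore = "system volume information" in segments and any(
        s.startswith("_restore") for s in segments
    )
    if in_restore:
        return "restore-point"   # backup copy kept by System Restore
    if "quarantine" in segments:
        return "quarantine"      # container stored by another scanner
    if "temp" in segments:
        return "temp"            # unpacked or downloaded working files
    return "live"                # anywhere else on disk


def triage(findings):
    """Return (name, threat, location, status) tuples, unresolved first."""
    rows = []
    for f in findings:
        location = classify_location(f.folder)
        if not f.action:
            status = "unresolved"            # scanner recorded no action
        elif location in ("restore-point", "quarantine"):
            status = "inert-copy-handled"    # stored copy, already acted on
        else:
            status = "handled"
        rows.append((f.name, f.threat, location, status))
    # Stable sort: unresolved findings float to the top, order otherwise kept.
    rows.sort(key=lambda r: r[3] != "unresolved")
    return rows


if __name__ == "__main__":
    for name, threat, location, status in triage(parse_report(SAMPLE_REPORT)):
        print(f"{status:20} {location:14} {threat:24} {name}")
```
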

#4
Dizzy blonde

Ok, I am trying to do the DSS and as soon as I started it I got the error message
'Freeware implementation of REG.EXE has encountered a problem and needs to close'. I clicked to send an error message.

This happened 5 times then as soon as I closed the windows saying the reports had been sent I got the following error message:
'dss.exe has encountered a problem and needs to close' so I clicked yes to send an error message.

The programme closed so I restarted it and it got as far as 'backing up registry hives' (4 blocks in the status bar) then it froze and I got the following error message:
'dss.exe has encountered a problem and needs to close' so I clicked yes to send an error message.

The programme closed again so I restarted it and it got as far as 'backing up registry hives' (4 blocks in the status bar again) then I got the following error message:
'dss.exe has encountered a problem and needs to close' so I clicked yes to send an error message. The programme closed so I moved it to the recycle bin and downloaded it again. Once more it got as far as 4 blocks in the status bar for the registry hives when it had to close again (dss.exe) so I have started it again and the same has happened once it gets to 4 blocks in the status bar.

Any suggestions what I should be doing next or should I be persevering with this scan - it doesn't want to progress past 4 blocks of scanning the registry hives.

Thank you for your time, I really appreciate it. I like to think I am not totally incompetent as I can do more than the normal user (and regularly help out family and friends) but this is beyond me - I could not do this without help.
  • 0

#5
Mike

Hi, let's see if we can't get another tool to work.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

To attach a file, do the following:
* Click Add Reply
* Under the reply panel is the Attachments Panel
* Browse for the attachment file you want to upload, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop down box
* Click on Posted Image to insert the attachment into your post

If not, please just post a Hijack This log.

Edited by Mike, 14 July 2008 - 07:17 AM.

  • 0

#6
Dizzy blonde

Attached File  OTScanIt.Txt   250.12KB   62 downloads
  • 0

#7
Mike

Hi, I'm not seeing anything malicious there.

I removed some leftovers from AVG and McAfee, try re-installing AVG again.

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k]
YN -> UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> MSKAGENTEXE -> %SystemDrive%\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe [C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe]
< Drives - Autoruns > -> 
NY -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ]
YY -> AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found.
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 87 domain(s) found.
YN ->   .[msn] -> My Computer
YN -> *.windowsupdate_microsoft.com [*] -> Trusted sites
YN -> 10 domain(s) and sub-domain(s) not assigned to a zone. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search]
YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVG Security Toolbar]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVG Security Toolbar]
YN -> {ACB1E670-3217-45C4-A021-6B829A8A27CB} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {26CBF141-7D0F-46E1-AA06-718958B6E4D2}[HKEY_LOCAL_MACHINE] -> http://download.ebay.com/turbo_lister/UK/install.cab[Reg Error: Key does not exist or could not be opened.]
YN -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> ~EmptyValue -> Reg Error: Key does not exist or could not be opened.
[Files/Folders - Created Within 30 days]
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> fw20.vxd -> %SystemRoot%\fw20.vxd
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\drweb-cureit.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier
[Files/Folders - Modified Within 30 days]
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\drweb-cureit.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above. Could you tell me what exactly is wrong with your PC at the moment?

Let's do an online scan.


Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0

#8
Dizzy blonde

Thanks Mike. I don't want to sound completely dense, but do I try to reinstall AVG before doing OTS or after? Kate.
  • 0

#9
Mike

Try it after running OTScanIt since it will remove some leftovers :)

Remember to tell me the problems that you are experiencing...

Edited by Mike, 15 July 2008 - 09:00 AM.

  • 0

#10
Dizzy blonde

Hi Mike,
sorry for the delay (hectic here with a poorly Son and house viewers as trying to sell)
OTScanIt keeps crashing - any suggestions?
  • 0



#11
Mike

There is nothing there that it couldn't handle - just a guess but give it a shot in Safe mode.

To boot into Safe Mode:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Select your normal user account.

Otherwise we will look at some other options.
  • 0

#12
Dizzy blonde

Just running OTScanIt in safe mode so once it has finished I will do the rest and then let you know the results

Ok after 20 minutes I have checked and this programme is not responding (in safe mode)

I am currently jinxed because I cannot do a simple connection of the wii to the internet either.

Edited by Dizzy blonde, 16 July 2008 - 12:58 PM.

  • 0

#13
Mike

In safe mode you won't have internet connection, but you really are jinxed :)

Get back into normal windows.

Are you getting any errors of some sort by the way?

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

And,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by Mike, 16 July 2008 - 01:13 PM.

  • 0

#14
Dizzy blonde

Thanks Mike.

I did realise about the internet in safe mode (when I tried it and then looked in internet options to see what was going on :) )

No errors with OTScanIt I just got fed up waiting as it was taking so long (and you said it wouldn't take long) and did 3 finger salute for task manager which showed it as not responding.

I will do what you suggest tomorrow as my Hubby is nagging at me to go and watch a film. Still I sorted out the wii internet connection for Callam....I am truly dizzy - I had not realised it had built in wireless capability and is now connected fine. I will be back tomorrow trying to sort out the other pc. Thank you so much for your help.
  • 0

#15
Mike

OK, I'll wait for the logs :)

Have fun at the movies!
  • 0





