rdriv installation
Started by kanishka, Jun 11 2005 08:39 AM
#1
Posted 11 June 2005 - 08:39 AM
#2
Posted 15 June 2005 - 04:59 PM
Welcome kanishka to Geeks to Go!
Please download the latest version of HiJack This. Click here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it. Follow the instructions below if you are unsure how to save it in a permanent folder:
1.) Click on the link to download HiJackThis.exe.
2.) When it pulls up the box (for you to pick a location to save the file), click on the pulldown menu and select "[C:]".
3.) Click on the button to "create new folder" and name the folder HiJackThis
4.) Double click on the folder you just made (to go into the folder) and click "save" on the bottom of the box.
Double click HijackThis to run a scan and save the log.
Post that log here in your reply to this topic by using the 'add reply' button.
#3
Posted 16 June 2005 - 10:14 PM
hello,
Here is the log that you asked for.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\winssvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\pppoetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hawk\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - Default URLSearchHook is missing
O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [%FP%AIRTEL fts.exe] "C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117646471222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BAB303-5CE4-4DCB-BCCB-591793A1B6D6}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33A2A29-FCA1-4091-ADE0-BE9F08CAFDA2}: NameServer = 202.56.215.6 202.56.230.6
O23 - Service: AOL Instant Messenger - Unknown owner - C:\WINDOWS\winssvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
#4
Posted 17 June 2005 - 12:39 PM
Please post me the header along with the log, so the part starting with HijackThis log, date of creation etc.
#5
Posted 18 June 2005 - 12:04 AM
Here is what you requested, the log file with the header. Looking forward to your reply.
Logfile of HijackThis v1.99.1
Scan saved at 11:31:56 AM, on 6/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\winssvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\rasautou.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\pppoetray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\hawk\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - Default URLSearchHook is missing
O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [%FP%AIRTEL fts.exe] "C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117646471222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BAB303-5CE4-4DCB-BCCB-591793A1B6D6}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33A2A29-FCA1-4091-ADE0-BE9F08CAFDA2}: NameServer = 202.56.215.6 202.56.230.6
O23 - Service: AOL Instant Messenger - Unknown owner - C:\WINDOWS\winssvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
#6
Posted 18 June 2005 - 05:57 AM
Please follow all instructions as specified. Print these instructions to ensure all are followed.
You are running HijackThis from its zipped archive; please create a new folder for it and unzip the program into it. It is very important you do this before anything else!
---------
Go to this site:
http://www.virustota...h/index_en.html
Have this file scanned there:
C:\WINDOWS\winssvc.exe
Copy the result to a notepad file and save it to your desktop.
---------
Please download the following programs, but do not run them yet:
* rdrivRem.zip
  * Unzip it to your desktop.
* Ewido Security Suite
  * Install ewido security suite
  * Launch ewido, there should be a big E icon on your desktop, double-click it.
  * The program will prompt you to update; click the OK button
  * The program will now go to the main screen
  * You will need to update ewido to the latest definition files.
  * On the left hand side of the main screen click update
  * Click on Start
  * The update will start and a progress bar will show the updates being installed.
  * After the updates are installed exit Ewido.
* CleanUp!
  * Install it.
***
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.
***
1.) Please double-click rdrivRem.bat to run the program - follow the instructions on the screen.
***
2.) Double-click the Ewido Security Suite icon to run the program. Set the program up as follows:
* Click on scanner
* Make sure the following boxes are checked before scanning:
  * Binder
  * Crypter
  * Archives
* Click on Start Scan
* Let the program scan the machine
While the scan is in progress you will be prompted to clean the first file. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the window (this way you don't have to sit and watch ewido); click OK
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report
* Save the report to your desktop.
***
3.) Find and double-click the file cleanup.
Go to option
Select ‘custom’
Put a check to:
* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'
Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.
***
4.) Run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R3 - Default URLSearchHook is missing
O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
Close HiJackThis.
***
5.) Use Windows Explorer to remove these folders:
C:\Program Files\Common Files\Hyperbar\
C:\Program Files\Warez P2P Client\
***
6.) Make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out.
Also, make sure your Anti-Virus program is working properly - you can turn on and off auto-protect, etc.
***
7.) Run this online virus scan:
ActiveScan
Save the results from ActiveScan.
***
I need you to post the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic. Also post the scan result for the file I let you scan.
#7
Posted 19 June 2005 - 03:47 AM
Hello, I have done the whole process; here are the things you requested. Let me know whether I can install XP SP2 now or not. LOOKING FORWARD TO YOUR REPLY.
ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:53:34 AM, 6/19/2005
+ Report-Checksum: 5AECD486
+ Date of database: 6/18/2005
+ Version of scan engine: v3.0
+ Duration: 25 min
+ Scanned Files: 30182
+ Speed: 20.12 Files/Second
+ Infected files: 60
+ Removed files: 60
+ Files put in quarantine: 60
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
D:\
E:\
+ Scan result:
C:\WINDOWS\winssvc.exe -> Backdoor.SdBot.zo -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP14\A0005854.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP14\A0005868.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP14\A0005882.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP15\A0005903.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP15\A0005937.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP15\A0006015.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP16\A0006957.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP17\A0006977.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP17\A0006989.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP17\A0007989.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP17\A0008989.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP17\A0009989.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP17\A0010989.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0011989.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0012009.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0012023.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0012042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0013042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0014041.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0015042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0016042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0017041.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0019042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0020042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP18\A0021040.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0022042.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0022060.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0023060.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0025063.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0026058.dll -> Spyware.NewDotNet -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0026059.exe -> Spyware.NewDotNet.C -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0026065.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0026077.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP19\A0026086.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP20\A0026106.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP20\A0026179.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP20\A0027178.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP20\A0028176.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP20\A0029178.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP21\A0029192.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP21\A0030190.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP21\A0030210.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0030226.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0030236.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0030249.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0031251.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0032252.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0033248.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0034251.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0035251.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0036251.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0037251.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0038248.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0038280.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0039279.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0039291.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0039299.SYS -> Trojan.Rootkit.k -> Cleaned with backup
C:\System Volume Information\_restore{6C033B2D-A893-49D6-A43A-C825614F23DD}\RP22\A0040299.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\FOUND.004\FILE0001.CHK -> Trojan.Rootkit.k -> Cleaned with backup
::Report End
LOG OF ACTIVE SCAN:
Incident Status Location
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/Hyperbar No disinfected C:\hjt\backups\backup-20050619-121649-601.dll
LOG OF HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 3:15:28 PM, on 6/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\pppoetray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [%FP%AIRTEL fts.exe] "C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117646471222
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BAB303-5CE4-4DCB-BCCB-591793A1B6D6}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33A2A29-FCA1-4091-ADE0-BE9F08CAFDA2}: NameServer = 202.56.215.6 202.56.230.6
O23 - Service: AOL Instant Messenger - Unknown owner - C:\WINDOWS\winssvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
SCAN RESULT OF THE FILE:
This is a report processed by VirusTotal on 06/18/2005 at 21:13:26 (CET) after scanning the file "winssvc.exe-up.txt" file.
Antivirus Version Update Result
AntiVir 6.31.0.7 06.17.2005 no virus found
AVG 718 06.14.2005 no virus found
Avira 6.31.0.7 06.17.2005 no virus found
BitDefender 7.0 06.18.2005 no virus found
ClamAV devel-20050501 06.18.2005 no virus found
DrWeb 4.32b 06.18.2005 no virus found
eTrust-Iris 7.1.194.0 06.17.2005 no virus found
eTrust-Vet 11.9.1.0 06.17.2005 no virus found
Fortinet 2.35.0.0 06.18.2005 no virus found
Ikarus 2.32 06.18.2005 no virus found
Kaspersky 4.0.2.24 06.18.2005 no virus found
McAfee 4516 06.17.2005 no virus found
NOD32v2 1.1145 06.18.2005 no virus found
Norman 5.70.10 06.17.2005 no virus found
Panda 8.02.00 06.18.2005 no virus found
Sybari 7.5.1314 06.18.2005 no virus found
Symantec 8.0 06.18.2005 no virus found
TheHacker 5.8-3.0 06.17.2005 no virus found
VBA32 3.10.3 06.17.2005 no virus found
#8
Posted 19 June 2005 - 04:09 AM
hi there,
Right now I just restarted my computer. Still I am getting the popup in my startup menu regarding installation of rdriv hardware, and along with it a new popup is also coming, which also says that a new hardware was found, installation of ewido security suite hardware.
I have also run the "search" for the rdriv file. Now I am not finding the file "c:\windows\system32\rdriv.sys" which was present earlier.
I have added this reply before you reply to me, thinking this would help you save time. Looking forward to your reply.
#9
Posted 19 June 2005 - 05:08 AM
Did you try to scan this file:
C:\WINDOWS\winssvc.exe
The scan result says you had this file scanned:
winssvc.exe-up.txt
Please try again.
---
Were you able to run rdrivRem.bat?
#10
Posted 20 June 2005 - 02:00 PM
hello.
There is no file named "C:\WINDOWS\winssvc.exe" in existence in my computer. So what shall I do now?
#11
Posted 20 June 2005 - 03:39 PM
Were you able to run rdrivRem.bat?
#12
Posted 20 June 2005 - 11:09 PM
hi ,
I downloaded the rdrivrem zipped file from the link you suggested, then extracted the folder on my desktop. Then, when I was in safe mode, I double-clicked the folder; there was an 8 KB MS-DOS batch file in it, which I ran by double-clicking it. Then a screen appeared saying that the makers of this file are not responsible for anything that happens in my computer. There was a continue button for continuing the process, and for exiting one had to close the window. I pressed the continue button, but after that nothing happened. I thought the process had taken place, so then I went forward with the rest of the instructions.
Please tell me what to do next.
#13
Posted 21 June 2005 - 03:51 PM
Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
AOL Instant Messenger
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next step.
***
Open HijackThis to the misc tools section and click the Delete an NT Service button.
Paste in
AOL Instant Messenger
and click OK.
Close HijackThis.
Let the system reboot.
Let me know how things are now and post me a fresh log using HijackThis to check.
#14
Posted 23 June 2005 - 03:34 AM
hello,
Well, I found the service in "Services.msc". When I double-clicked, the service was already stopped, and then I also disabled it. And then I restarted the computer, but still there is no improvement. I am having the same popup of hardware installation. Also, in Display, in the themes section, the Windows Classic and the Windows XP themes have become the same except the wallpaper behind them.
Here is the new log that you requested:
Logfile of HijackThis v1.99.1
Scan saved at 3:04:15 PM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AIRTEL\AIRTEL-Broadband\pppoetray.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [%FP%AIRTEL fts.exe] "C:\Program Files\AIRTEL\AIRTEL-Broadband\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117646471222
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5BAB303-5CE4-4DCB-BCCB-591793A1B6D6}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33A2A29-FCA1-4091-ADE0-BE9F08CAFDA2}: NameServer = 202.56.215.6 202.56.230.6
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
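A check that could be run over the two HijackThis logs in this thread, as an added example (not part of any post and not a HijackThis feature): it parses the O23 service lines, cross-checks each "(file missing)" flag against the running-process list of the same log, and diffs the service names between the 19 June and 23 June logs. The function names and verdict labels are this example's own.

```python
import re

# Lines copied from the two HijackThis logs posted in this thread,
# trimmed to the entries this check needs.
LOG_19_JUNE = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: AOL Instant Messenger - Unknown owner - C:\WINDOWS\winssvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

LOG_23_JUNE = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
EXE_PATH = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)
MISSING = "(file missing)"


def parse(log):
    """Return (running process paths, {service name: details}) for one log."""
    processes, services = set(), {}
    for line in (raw.strip() for raw in log.splitlines()):
        m = O23_LINE.match(line)
        if m:
            image = m["image"]
            missing = image.endswith(MISSING)
            if missing:
                image = image[: -len(MISSING)].rstrip()
            # Keep only the executable path; this drops a stray quote and
            # arguments such as '" /service' that follow it in the log line.
            exe = EXE_PATH.match(image)
            path = exe.group(1) if exe else image
            services[m["name"]] = {
                "owner": m["owner"],
                "path": path.lower(),   # Windows paths compare case-insensitively
                "missing": missing,
            }
        elif PROCESS_LINE.match(line):
            processes.add(line.lower())
    return processes, services


def triage(log):
    """Label every O23 entry by comparing its flag with the process list."""
    processes, services = parse(log)
    verdicts = {}
    for name, svc in services.items():
        running = svc["path"] in processes
        if svc["missing"] and not running:
            # Service is still registered but its image is gone and nothing
            # with that path is running: a leftover entry to delete.
            verdicts[name] = "orphaned"
        elif svc["missing"] and running:
            # The same log shows the executable running, so the flag is not
            # evidence that the file is absent.
            verdicts[name] = "missing-flag-contradicted"
        else:
            verdicts[name] = "image-present"
    return verdicts


def removed_services(before, after):
    """Service names registered in the earlier log but not in the later one."""
    return sorted(set(parse(before)[1]) - set(parse(after)[1]))


if __name__ == "__main__":
    for name, verdict in triage(LOG_19_JUNE).items():
        print(f"{verdict:26} {name}")
    print("removed since 19 June:", removed_services(LOG_19_JUNE, LOG_23_JUNE))
```
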
#15
Posted 23 June 2005 - 03:59 AM
To repair the XP styles:
One of our Experts, Miekiemoes uploaded a copy of her luna.msstyles, so
click on this link to download it. Click here
Unzip it and using windows explorer, move the luna.msstyles which is in the folder you unzipped to this folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it anywhere else except that folder!
When you have moved it, right-click on your desktop > properties ... and look if Windows XP style is now present again. Choose apply and OK.
If not, reboot first, and try again to select Windows XP style.
***
Reboot and try to make a screenshot of that installation message. Add it as an attachment to this post.