
Trek Blue Error Nuker / Pop ups



#1
Stonerl

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

I've got a problem similar to Lashara's here http://www.geekstogo..._ai-t50323.html
but the filenames are different and I've no idea which ones I should remove.
I tried out the solutions given in the thread above but they won't help, and I can't
find the azvti.dll file which seems to cause the problems.

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:11:08, on 07.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.563\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azvti.dll/sp.html#63796
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\azvti.dll/sp.html#63796
O2 - BHO: Class - {F101F265-732D-2CAC-ECDB-8A41D24BFF99} - C:\WINDOWS\syswf.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{50AFD9C2-6F50-4FBC-A1EE-3B2B2743D2DA}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{50AFD9C2-6F50-4FBC-A1EE-3B2B2743D2DA}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{50AFD9C2-6F50-4FBC-A1EE-3B2B2743D2DA}: NameServer = 192.168.0.1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


#2
bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
Welcome to the Geeks To Go forum.



Step 1

Download CWShredder from here.
Open CWShredder and click on 'Check for Updates'.
Download any new reference file and then close the program.

Download and install About Buster 5.0 following the instructions here.
Update the program with the latest definitions and install the extra protection:
-- Install Firefox for surfing so that Internet Explorer can be kept closed until you're clean.
-- Install Spywareblaster to prevent future stealth installations of malware.
Do NOT scan with About Buster yet.

Download, install and setup Ewido Security Suite by following the instructions here.
Once updated, close the program without scanning.

Download Cleanup! from here.

Download CWSServicemove.zip from here and unzip it to your desktop. Don't do anything with it yet.

Ensure you're familiar with rebooting into Safe Mode.

Could you please download DelDomains.zip and unzip it to your desktop.

Right click the DelDomains.inf file inside and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute to do its stuff.



Copy the below steps to notepad and save them to your desktop. Close Internet Explorer and disconnect from the internet.


Step 2

Run HJT again and checkmark the boxes next to the following:-


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azvti.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\azvti.dll/sp.html#63796
O2 - BHO: Class - {F101F265-732D-2CAC-ECDB-8A41D24BFF99} - C:\WINDOWS\syswf.dll (file missing)
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} -


Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked


Then navigate to and delete these files\folders in BOLD

C:\winstall.exe



Step 3

Reboot into Safe Mode.

Open CWShredder, click Fix and let it remove anything it finds.

Step 4

Start About Buster
With ALL windows closed - VERY important!
Click on 'Begin Removal' to start the scan.
When the scan has finished let it scan again.
A log of the scan will appear in the folder.
Exit About Buster.

Start CleanUp! and do the following:

Click the Options button.
Make sure only the following are checked:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (XP only)
  • Scan local drives for temporary files
  • Cleanup! All Users
Click the Ok button to close the Options dialog.
Click the CleanUp! button to begin cleaning. It may take a while depending on the size of the hard drive so be patient.
When it has finished, close CleanUp! but decline to logoff when prompted.


Step 5

Now open Ewido Security Suite:

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.


Step 6

Now double-click on the CWSServicemove.reg
Confirm you wish to add the contents to the registry when prompted and then reboot back to normal mode.


Step 7

Run an online virus scan at Trend Micro (Europe).

Reboot again when finished and post the following in THIS thread.

1. New HijackThis log
2. About Buster scan log
3. Ewido scan log
4. Feedback on Trend Micro scan
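
Added example, not part of either post: a small Python triage pass over HijackThis log lines, run on a subset of the log from post #1. The heuristics (res:// search pages, a BHO whose file is missing, autostart executables directly in the drive root or C:\WINDOWS, Trusted Zone additions, DPF entries with no source) are assumptions chosen for illustration; applied to the full log above they flag the same entries that Step 2 lists.

```python
import re

# Heuristics below are assumptions for this example, not rules stated in the thread.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_CMD = re.compile(r"^\S+\\Run: \[[^\]]*\] (.*)$")
# An .exe sitting directly in the drive root or in C:\WINDOWS (no subfolder).
ROOT_EXE = re.compile(r'^"?C:\\(?:WINDOWS\\)?[^\\"]+\.exe\b', re.IGNORECASE)

def triage(line):
    """Return (code, reason) for an entry worth a closer look, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path or blank line
    code, body = m.groups()
    if code in ("R0", "R1") and re.search(r"=\s*res://", body):
        return code, "IE page setting points into a local DLL resource"
    if code == "O2" and body.endswith("(file missing)"):
        return code, "BHO still registered but its DLL is missing"
    run = RUN_CMD.match(body) if code == "O4" else None
    if run and ROOT_EXE.match(run.group(1)):
        return code, "autostart .exe in drive root or C:\\WINDOWS"
    if code == "O15":
        return code, "site or IP range added to the Trusted Zone"
    if code == "O16" and body.endswith("} -"):
        return code, "ActiveX control with no download source listed"
    return None

def flagged(log_text):
    """Triage a whole log; return [(entry, reason), ...] in log order."""
    return [(ln.strip(), hit[1]) for ln in log_text.splitlines() if (hit := triage(ln))]

# Lines copied from the log posted in this thread (not the full log).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azvti.dll/sp.html#63796
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: Class - {F101F265-732D-2CAC-ECDB-8A41D24BFF99} - C:\WINDOWS\syswf.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: *.windupdates.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
"""

if __name__ == "__main__":
    for entry, reason in flagged(SAMPLE):
        print(f"{reason}: {entry}")
```

A flag here only marks an entry for review; known-good software can trip the same patterns, so each hit still needs to be checked before anything is fixed.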