[Rawe]

Basically there's no point to make backups unless you have something needed on your temporary files. It will clean up them. For instance, if you have something stored in your temporary internet files you want to keep.. If you want to keep your cookies for example
You can just create a new folder somewhere else than temporary files and move the things there you wanna keep. If there's nothing you know of, no need for backups.

- Rawe

[Advertisements]

Problem once more. I now have FireFox downloaded, but Im having problems getting Trend Free Micro Scan.

When Ive gone back on IE, I keep getting something to do with Active X not working because of security settings.

That, and when on FireFox, I need some sort of Plug In?

[Lisa2005]

Problem once more. I now have FireFox downloaded, but Im having problems getting Trend Free Micro Scan.

When Ive gone back on IE, I keep getting something to do with Active X not working because of security settings.

That, and when on FireFox, I need some sort of Plug In?

[Rawe]

Oh, right. You don't have Java.
It should be here for download;
https://sdlcweb4c.su...97863E4CA02458A

Install it before proceeding the fix.. And remember not to get the TrendMicro A/V scan before you have proceeded the whole fix - just run it when you get back to normal mode.

- Rawe

[Lisa2005]

when i click on the link, it doesnt work

[Rawe]

Does this work;
http://192.18.97.134...dows-i586-p.exe

[Lisa2005]

Its working now

Thanks Rawe

EDIT: So, I can download Trend Micro Scan when I return to Normal Mode? Or do I need to download it now?

Edited by Lisa2005, 11 August 2005 - 09:38 AM.

[Rawe]

Yes, if you installed Java correctly..

But no worries if it just won't work. There is different tools to use instead of online scans
out there.

[Lisa2005]

Im not getting that blasted pop up now! ^^


Log file from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 16:51:46, on 11/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Fujitsu\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Fujitsu\Adsl\dslagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


The info from the SmitFiles.txt

smitRem log file
version 2.3

by noahdfear

The current date is: 11/08/2005
The current time is: 16:54:38.01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed!


Pre-run Files Present


~~~ Program Files ~~~

PSGuard


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

ole32vbs.exe
intmon.exe
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! ~~~~


hope that has been done correctly.

Ill go to ad aware now, anything else I need to do before hand?

[Rawe]

Umm.. I asked you to run the programs in Safe Mode didn't I?
Please don't run them in normal mode..

Just print the whole instructions out and do them as I asked you to.. Reboot into Safe Mode.. Run HJT and fix that one object, run SmitRem, Ad-aware, Ewido, cleanup
then reboot into normal mode and post a fresh HiJackThis log.

[Lisa2005]

oh, so i have to do all the scans in safe mode? lol, sorry, i got confused xD

[Rawe]

No problem

Just read the entire instructions out and start from the first step and follow them to the latest one. SmitRem didn't run correctly in normal mode, and I don't need an HiJackThis log which was taken before the entire process.

[Lisa2005]

Just recently did all the scans in safe mode, now im ready for the online one.

However, I just wondered if I could get my bar back to green again, as ya know, where there is the start button.

It looks all different, is there anyway I can go back to what it was before I went into safe mode?

Also, Trend Micro Scan kinda froze, so I had to exit the program.

Did you say there was something else that could get rid of viruses and stuff in the future?

Let me know.

Ill wait for your advice. Youve been very helpful Rawe

[Rawe]

I just wondered if I could get my bar back to green again, as ya know, where there is the start button.

Ok, can you tell me if you have any missing properties tabs?

Do you mean your xp theme has gone to classic? Could you clear that up a little for me please.

Can you just post me a fresh HiJackThis log and run this;
Click "Start", Run and type in; MRT
Click "Ok". When the window pops up, click "Next". It will scan, let me know if it finds anything.

- Rawe

[Lisa2005]

yeh, its gone back to a basic type thingy xD

Hm. Im a bit lost.

Do you mean I have to do another HiJackThis log, and then go to Start, a completetly different process, or all the steps youve mentioned all go together?

Thanks if you can let me know

[Rawe]

Sorry for being unclear

Post me a fresh HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log from the scan in Safe Mode.

Then do this; Click "Start", Run and type in; MRT
Click "Ok". When the window pops up, click "Next". It will scan, let me know if it finds anything.

Just post me the Ewido/HiJackThis/Smitfiles log to your next reply and tell me if the Windows malicious software removal tool detected anything.

- Rawe

Is any of your display propertie tabs missing?
I mean, can you change your XP theme without problems?