Windows XP - Unable to Link to Certain Sites


#1
damail
Hello,

I've been directed to post my problem (from the Windows XP) forum to this one (Malware). I have run and completed all steps as described in your malware forum and as directed, by Makai, one of your technicians. The attached HijackThis log file is my output from step 5. Also, I have the last Ad-Aware SE log available at your request. Please advise.

Please see my original post/problem description and response, below. My daughter's laptop is having problems linking to certain sites. As advised by a technician I ran the malware cleanup steps as directed. He believes we need to clear up the malware issues before troubleshooting Windows IE. In fact, he believes the problems that my daughter is having could be directly related to the spyware issues. I'm running Ad-Aware SE v. 1.6, and it is not cleaning up some critical objects. As stated above, I have the last Ad-Aware SE log available at your request. Please advise.

Please note: my original topic (Windows XP - Unable to Link to Certain Sites) was posted in the Windows XP, 2000, 2003, NT Forum.

My daughter and I appreciate all the help we've been provided thus far.

Thanks, Dave.

HijackThis Logfile: (begin)
Logfile of HijackThis v1.99.1
Scan saved at 4:25:11 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Stephanie\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50212
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50212
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50212
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\System32\req.dat (file missing)
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Help\MUI\dosmsvc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.ed...t/LocalExec.CAB
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: accpc - C:\WINDOWS\Cursors\accpc.dll (file missing)
O20 - Winlogon Notify: cablog - C:\WINDOWS\Web\PRINTERS\cablog.dll (file missing)
O20 - Winlogon Notify: crmain - C:\WINDOWS\Config\crmain.dll (file missing)
O20 - Winlogon Notify: dosmsvc - C:\WINDOWS\Help\MUI\dosmsvc.dll (file missing)
O20 - Winlogon Notify: hardole - C:\WINDOWS\Help\hardole.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dat (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
HijackThis Logfile: (end)

***

Original Post/Problem Description: (Windows XP - Unable to Link to Certain Sites)
My daughter's laptop has problems when linking to sites within IE.
For example: When accessing her email system, via IE, my daughter attempts to access a link that is included in an email message, she hangs/waits (hour glass), receives a white screen and then the laptop freezes...she does not make it out to the link. The identical problem happens when she is on a website and she attempts to access an article (which may try to redirect her to another site).

Her laptop has Windows XP Professional, Version: 6.0.2800.1106.xpsp2.030422-1633. The laptop has Ad-Aware SE and AVG installed and running. Her laptop works like a top other than this problem. I will note there are some adware infections in some of her registry files that Ad-Aware cannot delete...even after reboot.

I've compared her Internet Option settings with my work PC, which runs the same operating system, and all are the same. I've deleted cookies, files, etc...

***
This is NOT a good sign.

Please go HERE and follow the directions. If after doing this, the laptop still doesn't work correctly, please post in the Malware forum.

You must free her laptop of all malware before trying to troubleshoot her IE problems as the malware could be directly responsible for it.

makai


--------------------

Please list your system specs... motherboard, processor, video card, ram, etc... if you know them. Also, if it's a desktop or a laptop. And, if it's store bought... the manufacturer's name and model number. It's difficult to help you without this information. You may download the free version of Everest to help you identify your specs.

***
Makai, thanks for your prompt response and help.

I completed steps 1 - 4 as directed by the "please go here" directive. My daughter's laptop is still having the same problem. It is clear that Ad-Aware is finding "Critical Objects" for deletion, but is not getting rid of them.

I completed step #5 (downloading and running HijackThis) and have a log file saved to show someone. Specifically, which site/forum should I post the Logfile?
I also have a saved logfile, from Ad-Aware, listing the critical objects found.

My Daughter's system information:

Dell Latitude D505 "Laptop" Computer
Purchased directly from Dell
Intel® Celeron® M processor 1500MHz
1.49 GHz
512MB of RAM
Windows XP Professional, Version 2002, Service Pack 1


Cannot solve this problem and she is leaving for school soon...please help!
#2
Wizard
Hi damail and Welcome to GeekstoGo!

Please go to Add\Remove Programs and Remove these if they exist

Search Toolbar
WinTools
WebSearch toolbar
Viewpoint\Viewpoint Manager


Please download VundoFix.zip to your desktop.
  • Double-click VundoFix.zip and extract it to your C:\ directory.
  • Copy the instructions below and paste them into Notepad for reference.
    • All other windows need to be closed while doing this fix!
  • Navigate to the new folder C:\VundoFix
  • Double click on KillVundo.bat
    • When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
  • Please press any key to continue.
  • Wait for HiJackThis to open.
  • When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50212

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50212

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50212

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

    O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\System32\req.dat (file missing)

    O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Help\MUI\dosmsvc.dll (file missing)

    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)

    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

    O20 - Winlogon Notify: accpc - C:\WINDOWS\Cursors\accpc.dll (file missing)

    O20 - Winlogon Notify: cablog - C:\WINDOWS\Web\PRINTERS\cablog.dll (file missing)

    O20 - Winlogon Notify: crmain - C:\WINDOWS\Config\crmain.dll (file missing)

    O20 - Winlogon Notify: dosmsvc - C:\WINDOWS\Help\MUI\dosmsvc.dll (file missing)

    O20 - Winlogon Notify: hardole - C:\WINDOWS\Help\hardole.dll (file missing)

    O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dat (file missing)
  • Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.
You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!

Locate and Delete these folders

C:\Program Files\Toolbar

C:\Program Files\Viewpoint

C:\Program Files\Common Files\WinTools

Have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates

Post a new HiJackThis log-> the results from Panda as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix
#3
damail
Hello,

I've completed the instructions as described, below. Here are the logs that you requested.
***Note - I was unable to delete the C:\Program Files\Viewpoint folder. The message I received was: Cannot Delete AxMeta Stream_0302021c.dll access denied or file may be in use. I'm not sure if this has anything to do with it, but I still have a Viewpoint Media Player program running on the system. The Media Player files are in this folder. Should I have removed the Viewpoint Media Player? The instructions called for removing Viewpoint\Viewpoint Manager. I removed Viewpoint Manager, but did not remove Viewpoint Media Player. Please advise.

Again, thank you very much for your assistance. I will make a donation once we are completed with resolving this problem.

Dave

*** VundoFix Log ***

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 788 'smss.exe'
Threads [792][796][800]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1780 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 888 'winlogon.exe'
Sucessfully Deleted

*** HiJackThis Log ***

Logfile of HijackThis v1.99.1
Scan saved at 12:18:46 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\VundoFix\VundoFix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.ed...t/LocalExec.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

*** Panda Active Scan Log ***

Incident Status Location

Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\6V6PG1KV\newmajorse2[1].cab
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\6V6PG1KV\newmajorse2[1].cab[newmajorse2.txt]
Adware:Adware/HuntBar No disinfected C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\KL2FGPYV\tb3[1].cab[toolbar.dll]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\KL2FGPYV\TBPSSvc[1].cab[TBPSSvc.exe]
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Stephanie\My Documents\VundoFix.zip[process.exe]
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP112\A0005483.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP112\A0005496.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP112\A0005507.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP114\A0005532.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP114\A0005594.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP114\A0005606.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP116\A0005666.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP118\A0005697.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP119\A0005712.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP121\A0005742.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP124\A0005776.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP125\A0005794.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP125\A0005804.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP125\A0005814.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP127\A0005845.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP132\A0005910.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP133\A0005929.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP134\A0005953.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP135\A0005968.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP135\A0005978.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP137\A0006014.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP137\A0006025.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP141\snapshot\MFEX-2.DAT
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP142\A0006083.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP142\A0006084.dll
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP142\A0006089.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP142\snapshot\MFEX-2.DAT
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP187\A0007646.dll
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP188\A0007749.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP188\A0007757.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP191\A0007781.dll
Adware:Adware/HuntBar No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP191\A0007782.dll
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP191\A0007799.exe
Adware:Adware/HuntBar No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP191\A0007805.dll
Adware:Adware/HuntBar No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP191\A0007806.dll
Adware:Adware/HuntBar No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP194\A0007849.dll
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP194\A0007850.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP194\A0007852.dll
Hacktool:Hacktool/Processor No disinfected C:\VundoFix\VundoFix\process.exe
Hacktool:Hacktool/Processor No disinfected C:\VundoFix.zip[process.exe]
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
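
An added example, not part of the original thread and not HijackThis's own code: a small Python script that parses HijackThis entry lines and compares a "before" and an "after" log, reporting what the fix removed, what is new, and which registrations still point at a missing file. The sample lines are excerpted from the two logs posted in this thread; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, O1-O23) then " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Marker HijackThis appends when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the first log in this thread (8/8/2005).
BEFORE = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\System32\req.dat (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dat (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the second log in this thread (8/12/2005).
AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def parse_entries(log_text):
    """Return the R*/O* entries of a log; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def entry_key(entry):
    """Identity of an entry across logs: CLSID where present, else its text."""
    if entry["clsid"]:
        kind = entry["body"].split(":", 1)[0].strip().lower()
        return (entry["code"], kind, entry["clsid"])
    # Ignore the orphan marker so a file going missing is not a "new" entry.
    return (entry["code"], ORPHAN_RE.sub("", entry["body"]).strip().lower())


def compare_logs(before_text, after_text):
    """Diff two logs and list entries that still reference a missing file."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}

    def fmt(e):
        return f'{e["code"]} - {e["body"]}'

    return {
        "removed": [fmt(e) for k, e in before.items() if k not in after],
        "added": [fmt(e) for k, e in after.items() if k not in before],
        "orphaned": [fmt(e) for e in after.values() if e["orphan"]],
    }


if __name__ == "__main__":
    for label, lines in compare_logs(BEFORE, AFTER).items():
        print(f"{label}:")
        for line in lines:
            print("   ", line)
```
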
#4
Wizard
I am not so much worried about the Viewpoint entry!

If you use the Media Player, then leave it be!

If you don't, then remove it as well!

You got rid of the nasty part of that entry already!

It appears that Vundo is gone for good!

Disable System Restore
http://service1.syma...src=sec_doc_nam

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Press "Restore Original Hosts" and press "OK"!!
Exit Program!

Download CCleaner
http://www.filehippo...d_ccleaner.html

Download CleanUp! 4.0
http://downloads.ste...p/CleanUp40.exe

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62


Once in Safe Mode-> Open up CCleaner and Click "Run Cleaner" and let it do its thing!

Now open up CleanUp!-> Click the Cleanup Button and let it roll-> when it finishes, Click "Close" and Click "NO" to Log off!

Now I want you to Verify manually that all Temp Files and Folders have been cleaned!

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

C:\Temp

C:\Windows\Temp

C:\Windows\System32\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (Make sure that all boxes are checked for cleaning!!)

Restart Normal and have the PC scanned here to see how we have done
http://support.f-sec.../home/ols.shtml

Go ahead and Install Spyware Blaster and WinHelps Hosts File

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediately!

WinHelps Hosts File
http://www.mvps.org/...p2002/hosts.htm

Made easy here
http://www.mvps.org/...2002/hosts2.htm

Post back with the Results from F-Secure and let me know how the Machine is Running?