micpic

Corrupted webpages

49 posts in this topic

In the body of various otherwise properly appearing webpages I see parts of this message appearing in blue: "Internet Explorer cannot display the webpage". This is preceded by the icon i in a blue circle. Depending on its position on the webpage further words in that message also appear such as "Most likely...." etc. Various parts of this message appear. It would help if I could show you a screen print but I don't think this is an option.

An example is at http://tranquil-journey.tripod.com/ but it seems that this corruption only appears on my computer. I have cleared my temporary internet files, cookies and history but this hasn't helped, and a system restore was unable to reset to an earlier date. I have read the FAQ and followed the directions given on this forum. The following are requested log files:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:50:30, on 13/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\DVDRAMSV.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QUICKENW\QAGENT.EXE

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\ICQLite\ICQLite.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\PROGRA~1\AIM\AIMWDI~1.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\BBC Alerts\BBC_Alerts.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

C:\Program Files\Climate Change Experiment\boinc.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband

O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125036719218

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.42 212.139.132.41

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

 

BitDefender Online Scanner

Scan report generated at: Wed, Jun 13, 2007 - 18:16:41

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time: 01:11:16
Files: 303786
Folders: 7568
Boot Sectors: 2
Archives: 17609
Packed Files: 7325

Results

Identified Viruses: 5
Infected Files: 33
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 38

Engines Info

Virus Definitions: 513460
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File

Status

 

C:\Documents and Settings\Mike\.housecall6.6\Quarantine\splug.dll.bac_a00344=>(Quarantine-4)

Infected with: Trojan.Zlob.AAC

 

C:\Documents and Settings\Mike\.housecall6.6\Quarantine\splug.dll.bac_a00344=>(Quarantine-4)

Deleted

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\2676360B.htm=>(Quarantine-2)

Infected with: Generic.XPL.MhtRedir.BCFB123A

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\2676360B.htm=>(Quarantine-2)

Disinfection failed

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\2676360B.htm=>(Quarantine-2)

Deleted

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58E430AD.htm=>(Quarantine-2)

Infected with: Generic.XPL.MhtRedir.BCFB123A

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58E430AD.htm=>(Quarantine-2)

Disinfection failed

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58E430AD.htm=>(Quarantine-2)

Deleted

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58F72C98.htm=>(Quarantine-2)

Infected with: Generic.XPL.MhtRedir.BCFB123A

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58F72C98.htm=>(Quarantine-2)

Disinfection failed

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58F72C98.htm=>(Quarantine-2)

Deleted

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\590B2882.htm=>(Quarantine-2)

Infected with: Generic.XPL.MhtRedir.BCFB123A

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\590B2882.htm=>(Quarantine-2)

Disinfection failed

 

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\590B2882.htm=>(Quarantine-2)

Deleted

 

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1

Infected with: Win32.Netsky.B@mm

 

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1

Deleted

 

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB

Update failed

 

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1

Infected with: Win32.Netsky.B@mm

 

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1

Deleted

 

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB

Update failed

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1

Infected with: Win32.Netsky.C@mm

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1

Deleted

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB

Update failed

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2

Infected with: Win32.Netsky.C@mm

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2

Deleted

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB

Update failed

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3

Infected with: Win32.Netsky.C@mm

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3

Deleted

 

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB

Update failed

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1

Infected with: Win32.Netsky.C@mm

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1

Deleted

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB

Update failed

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2

Infected with: Win32.Netsky.C@mm

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2

Deleted

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB

Update failed

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3

Infected with: Win32.Netsky.C@mm

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3

Deleted

 

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10

Deleted

 

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10

Infected with: Win32.Netsky.AA@mm

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10

Deleted

 

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB

Update failed

 

 

Kaspersky log (The scan froze after about 5 minutes, on two separate attempts)

 

Wednesday, June 13, 2007 4:56:08 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 13/06/2007

Kaspersky Anti-Virus database records: 345378

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:\

C:\

D:\

E:\

 

Scan Statistics

Total number of scanned objects 5162

Number of viruses found 2

Number of infected objects 2

Number of suspicious objects 0

Duration of the scan process 00:05:41

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\Mike\.housecall6.6\Quarantine\splug.dll.bac_a00344 Infected: Trojan-Downloader.Win32.Zlob.aeg skipped

 

C:\Documents and Settings\Mike\Application Data\Aim\findawaym3\cert8.db Object is locked skipped

 

C:\Documents and Settings\Mike\Application Data\Aim\findawaym3\key3.db Object is locked skipped

 

C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\Mike\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

 

Scan was interrupted by user!

 

AVG Anti-Spyware - Scan Report (In SAFE MODE this software wouldn't run, the following message appeared:"Connection to service failed. Please reinstall AVG Anti-Spyware 7.5", reinstalling didn't help, so ran in NORMAL MODE).

---------------------------------------------------------

 

+ Created at: 16:25:56 13/06/2007

 

+ Scan result:

 

 

 

Nothing found.

 

 

::Report end

 

 

Your assistance will be very much appreciated.

Thank you.

Edited by micpic


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

It seems that you've been infected with an e-mail worm, which may be responsible:

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found: [image: check.gif]
  • If so, click it, then click the icon right below it and select Move incurable, as shown in the following image:
    [image: move.gif]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Also:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

jedi


Thanks Jedi for your response. I'll be back home on Monday (2nd July) and will be able to follow up straightaway on your instructions. Again, many thanks.

Mike


You're welcome. :)

 

jedi


Jedi, here is the ComboFix report

 

ComboFix 07-06-18.2 - C:\Documents and Settings\Mike\Desktop\ComboFix.exe

"Mike" - 2007-07-02 19:10:24 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

 

 

2007-07-02 19:08 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-07-02 17:25 <DIR> d-------- C:\DOCUME~1\Mike\DoctorWeb

2007-06-14 09:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-06-13 16:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-06-13 14:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-02 18:05:04 -------- d-----w C:\Program Files\Climate Change Experiment

2007-07-02 16:22:32 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-00531102}.dat

2007-07-02 16:22:32 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-00531102}.dat

2007-07-02 16:07:57 -------- d-----w C:\Program Files\Microsoft Money

2007-06-19 20:35:36 -------- d-----w C:\Program Files\Opera

2007-06-13 07:23:24 -------- d-----w C:\Program Files\Spring Wildflowers Saver 1.3

2007-06-13 05:30:34 -------- d-----w C:\Program Files\SpywareBlaster

2007-06-12 16:24:44 1,080 ----a-w C:\WINDOWS\AUTOLNCH.REG

2007-06-10 18:31:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-12 19:13:50 -------- d-----w C:\Program Files\Paint Shop Pro 5

2007-05-11 11:13:42 3,500 ----a-w C:\WINDOWS\system32\tmp.reg

2007-05-11 10:27:34 11,470,608 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe

2007-05-09 08:18:59 -------- d-----w C:\Program Files\Windows Live Safety Center

2007-05-09 05:18:14 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-06 19:17:25 -------- d-----w C:\DOCUME~1\Mike\APPLIC~1\SpywareBot

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-26 08:04]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2001-07-25 14:04]

"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2002-01-24 20:39]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []

"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]

"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 16:30]

"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 21:29]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-10 09:09]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 08:04]

"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-08-10 16:37]

"BBC Alerts"="C:\Program Files\BBC Alerts\BBC_Alerts.exe" [2006-06-01 14:36]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"=Narrator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk

backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk

backup=C:\WINDOWS\pss\Camio Viewer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gwum.lnk

backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk

backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]

adiras.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneIV]

C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]

C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

"C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]

C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSZTCE]

C:\WINDOWS\System32\MSZTCE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]

C:\WINDOWS\MXOALDR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetTimer 2000]

"C:\Program Files\NetTimer 2000\NetTimer.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]

PROMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]

C:\Program Files\QUICKENW\QAGENT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar]

"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]

"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]

RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba3b02ba-c0d2-11db-b9c1-4d6564696130}]

AutoRun\command- F:\LaunchU3.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-06 19:17:24 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

2007-07-02 15:45:53 C:\WINDOWS\tasks\User_Feed_Synchronization-{0197D88E-5CD5-440C-9246-3880115388CD}.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-02 19:15:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???F????&2???A~??A~F???????\???\???????????U?A~??A~\???\?????????_??????C@?\???\??????sF???\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-02 19:16:12

 

--- E O F ---

 

 

and here is the Dr.WebCureIt report

 

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\TRITON_UK_2.2.25.1;Probably BACKDOOR.Trojan;Incurable.Moved.;

Process.exe;C:\Documents and Settings\Mike\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;

restart.exe;C:\Documents and Settings\Mike\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;

iwapi.chm\DLLGeneral.html;C:\Program Files\InstantCD+DVD\InstantWrite\SDK\iwapi.chm;Modification of BAT.Wed.4730;;

iwapi.chm;C:\Program Files\InstantCD+DVD\InstantWrite\SDK;Archive contains infected objects;Moved.;

gendel32.ex_;C:\Program Files\SaberQuestPageBurner\setup;Tool.Gendel;Incurable.Moved.;

 

 

Thank you, Mike


Hi again,

 

Ok, I think you're clean, but I want to run another check, before we tackle the webpage problem:

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

jedi


jedi, here's the BitDefender report:

 

BitDefender Online Scanner

 

 

 

Scan report generated at: Tue, Jul 03, 2007 - 22:41:43

 

 

 

 

 

Scan path: A:\;C:\;D:\;E:\;

 

 

 

 

 

 

 

Statistics

Time: 01:08:41
Files: 283922
Folders: 7570
Boot Sectors: 2
Archives: 12165
Packed Files: 7150

Results

Identified Viruses: 3
Infected Files: 28
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 28

Engines Info

Virus Definitions: 636723
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

 

 

 

 

Scanned File | Status

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1 | Infected with: Win32.Netsky.B@mm
C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1 | Deleted
C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB | Update failed
C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1 | Infected with: Win32.Netsky.B@mm
C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1 | Deleted
C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB | Update failed
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1 | Infected with: Win32.Netsky.C@mm
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1 | Deleted
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB | Update failed
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2 | Infected with: Win32.Netsky.C@mm
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2 | Deleted
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB | Update failed
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3 | Infected with: Win32.Netsky.C@mm
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3 | Deleted
C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB | Update failed
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1 | Infected with: Win32.Netsky.C@mm
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1 | Deleted
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB | Update failed
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2 | Infected with: Win32.Netsky.C@mm
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2 | Deleted
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB | Update failed
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3 | Infected with: Win32.Netsky.C@mm
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3 | Deleted
C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10 | Deleted
C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10 | Infected with: Win32.Netsky.AA@mm
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10 | Deleted
C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB | Update failed

 

 

Many thanks, Mike


Hi again,

 

Ok, can I see a fresh HiJackThis log, and please let me know how the PC is performing.

 

jedi


Jedi, here is a new HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:38:01, on 04/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\DVDRAMSV.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QUICKENW\QAGENT.EXE

C:\Program Files\ICQLite\ICQLite.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\PROGRA~1\AIM\AIMWDI~1.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\BBC Alerts\BBC_Alerts.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

C:\Program Files\Climate Change Experiment\boinc.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Microsoft Money\System\reminder.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband

O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125036719218

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.41 212.139.132.42

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

 

The corrupted webpages are still evident but apart from that the computer seems to be going well and not going slow.

 

Many thanks, Mike


Hi again,

 

Please download and install the Firefox browser.

http://www.mozilla-europe.org/en/products/firefox/

Surf with Firefox to the same webpages and let me know if you can access them correctly, or if you get the same fault.

 

jedi


jedi, have installed Firefox and get the same fault, part of a message appears on the webpage which I think reads "Unable to connect...", although the connection to the site is Ok.

 

Thank you for your continued help.

Mike

 

 

 

I hope this isn't a red herring, but it seems as though the fragments of browser messages appear in places where there ought to be legitimate adverts. Hope this helps. Mike

Edited by micpic


Hi again,

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer.

You can reenable TeaTimer once your system is clean.

 

Ok,

 

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

 

File::

C:\WINDOWS\system32\tmp.reg

Folder:

C:\WINDOWS\AUTOLNCH.REG

C:\Program Files\WildTangent

 

Save this as ComboFix-Do.txt

 

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

 

Combo-Do.gif

 

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

 

jedi


jedi, as requested:

 

ComboFix 07-06-18.2 - C:\Documents and Settings\Mike\Desktop\ComboFix.exe

"Mike" - 2007-07-05 20:22:30 - Service Pack 2 NTFS

Command switches used :: C:\Documents and Settings\Mike\Desktop\ComboFix-Do.txt

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\AUTOLNCH.REG

C:\WINDOWS\system32\tmp.reg

 

 

((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))

 

 

2007-07-02 19:08 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-07-02 17:25 <DIR> d-------- C:\DOCUME~1\Mike\DoctorWeb

2007-06-14 09:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-06-13 16:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-06-13 14:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-05 19:16:22 -------- d-----w C:\Program Files\Climate Change Experiment

2007-07-05 19:14:48 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-00531102}.dat

2007-07-05 19:14:48 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-00531102}.dat

2007-07-05 16:35:10 -------- d-----w C:\Program Files\Microsoft Money

2007-06-19 20:35:36 -------- d-----w C:\Program Files\Opera

2007-06-13 07:23:24 -------- d-----w C:\Program Files\Spring Wildflowers Saver 1.3

2007-06-13 05:30:34 -------- d-----w C:\Program Files\SpywareBlaster

2007-06-10 18:31:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-12 19:13:50 -------- d-----w C:\Program Files\Paint Shop Pro 5

2007-05-11 10:27:34 11,470,608 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe

2007-05-09 08:18:59 -------- d-----w C:\Program Files\Windows Live Safety Center

2007-05-09 05:18:14 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-06 19:17:25 -------- d-----w C:\DOCUME~1\Mike\APPLIC~1\SpywareBot

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-26 08:04]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2001-07-25 14:04]

"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2002-01-24 20:39]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []

"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]

"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 16:30]

"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 21:29]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-10 09:09]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 08:04]

"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-08-10 16:37]

"BBC Alerts"="C:\Program Files\BBC Alerts\BBC_Alerts.exe" [2006-06-01 14:36]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"=Narrator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

@=

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk

backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk

backup=C:\WINDOWS\pss\Camio Viewer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gwum.lnk

backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk

backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]

adiras.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneIV]

C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]

C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]

C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

"C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]

C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSZTCE]

C:\WINDOWS\System32\MSZTCE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]

C:\WINDOWS\MXOALDR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetTimer 2000]

"C:\Program Files\NetTimer 2000\NetTimer.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]

PROMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]

C:\Program Files\QUICKENW\QAGENT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar]

"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]

"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]

RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

CTHELPER.EXE

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba3b02ba-c0d2-11db-b9c1-4d6564696130}]

AutoRun\command- F:\LaunchU3.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-06 19:17:24 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

2007-07-05 18:58:36 C:\WINDOWS\tasks\User_Feed_Synchronization-{0197D88E-5CD5-440C-9246-3880115388CD}.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-05 20:26:30

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4??? ????&2???A~??A~ ???????\???\???????????U?A~??A~\???\???????x?_??????C@?\???\??????s ???\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-05 20:27:07

C:\ComboFix-quarantined-files.txt ... 2007-07-05 20:27

C:\ComboFix2.txt ... 2007-07-02 19:16

 

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:31:09, on 05/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\DVDRAMSV.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\QUICKENW\QAGENT.EXE

C:\Program Files\ICQLite\ICQLite.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\PROGRA~1\AIM\AIMWDI~1.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\MXOALDR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\AIM\aim.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\BBC Alerts\BBC_Alerts.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

C:\Program Files\Climate Change Experiment\boinc.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\notepad.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband

O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125036719218

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.6 212.139.132.7

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

 

Again, many thanks, Mike


Hi again,

 

Please do Start > Run and type in msconfig and hit OK.

 

When the Config Editor opens click Startup > Enable All > Apply > OK and exit the Editor. (You have a lot of programs disabled through msconfig; it's better to remove them if you don't want to use them.)

 

Please now post a fresh HiJackThis log. Also, when did you install IE7? Did the problems start around the same time?

 

jedi


jedi, OK done that. When I rebooted the following message appeared:

"RUNDLL

Error loading C:\Program Files\Wild Tangent\Apps\CDA\cdaEngine0400.dll

The specified module could not be found"

 

I clicked OK and it disappeared.

 

Logfile of HijackThis v1.99.1

Scan saved at 12:45:53, on 06/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\DVDRAMSV.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ICQLite\ICQLite.exe

C:\PROGRA~1\AIM\AIMWDI~1.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QUICKENW\QAGENT.EXE

C:\WINDOWS\system32\PROMon.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

C:\WINDOWS\system32\mrtMngr.EXE

C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\BBC Alerts\BBC_Alerts.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\NetTimer 2000\NetTimer.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe

C:\Program Files\QUICKENW\QWDLLS.EXE

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

C:\Program Files\Climate Change Experiment\boinc.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [iW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - HKCU\..\Run: [NetTimer 2000] "C:\Program Files\NetTimer 2000\NetTimer.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot

O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband

O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125036719218

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.41 212.139.132.42

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

 

These corrupted webpages started in early June this year. IE7 was installed several months ago.

 

Thank you.

Mike


Hi again,

 

Scan with HiJackThis and put a check in the box next to the following items;

 

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - HKCU\..\Run: [NetTimer 2000] "C:\Program Files\NetTimer 2000\NetTimer.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Next:

 

Download RegSeeker from here:

http://www.snapfiles.com/get/regseeker.html

 

Open RegSeeker.

 

Check the 'Backup before Deletion' box

Click on 'Clean the Registry'

Make sure all boxes except “Invalid Services (experimental)” are checked.

Click AutoClean and follow the prompts to allow it to run.

You will get a notification when AutoClean has run.

Exit RegSeeker.

Do not try to use any of the other functions on RegSeeker; it is a powerful program with the potential to damage your PC if used incorrectly.

 

Next:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Under 'Error-Checking' click 'Check Now'.

Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart. Be patient, the error-check takes time; your PC will start normally when it is complete.

 

Next:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Click on 'Defragment now' and follow the prompts to defragment your disk.

 

 

Scan again with HJT (with all browsers and windows closed), post the new log in this thread, and let me know how the PC is running.

 

jedi


jedi, got as far as getting RegSeeker to run and 43% of the way through AutoClean the following message appeared:

"Windows - No Disk

Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c ...

 

CANCEL TRY AGAIN CONTINUE"

 

None of these options worked; eventually managed to close the error message and RegSeeker by using Ctrl + Del + Alt.

 

Tried running RegSeeker once again and the same thing happened. Therefore RegSeeker didn't complete its processes and I didn't continue with your directions that followed that step.

Have shown a new current HijackThis log.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:20:31, on 06/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\DVDRAMSV.EXE

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\PROMon.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\BBC Alerts\BBC_Alerts.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe

C:\Program Files\QUICKENW\QWDLLS.EXE

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

C:\Program Files\Climate Change Experiment\boinc.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

O4 - HKLM\..\Run: [iW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband

O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125036719218

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.6 212.139.132.7

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

 

Thank you, Mike


Ok, just carry on with the other two steps.

 

jedi


jedi, have completed the final two steps, i.e. error checking the disk and then defragmenting.

 

Then when trying to connect to the internet the following message appears

"Windows Internet Explorer

Cannot find 'http//%1/'. Make sure the path or Internet address is correct"

 

I clicked the OK button and that message disappeared and my homepage address appeared in the URL address box at the top of the screen, but no connection could be made to the internet.

I then clicked the LAN icon in the bottom righthand corner of the screen and the Network Connections pane appeared, then I clicked the Tiscali Broadband dial-up icon and that managed to make a connection to the internet, hence I managed to get back to this forum.

 

The corrupted webpages are still in evidence.

 

If in future I'm unable to get back onto the internet or this forum, is there any way I can make contact?

The HijackThis log is as follows:

Logfile of HijackThis v1.99.1

Scan saved at 21:42:02, on 06/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\DVDRAMSV.EXE

C:\WINDOWS\System32\NMSSvc.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\PROMon.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\BBC Alerts\BBC_Alerts.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe

C:\Program Files\QUICKENW\QWDLLS.EXE

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

C:\Program Files\Climate Change Experiment\boinc.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe

C:\WINDOWS\system32\msfeedssync.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

O4 - HKLM\..\Run: [iW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [bBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE

O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband

O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125036719218

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

 

 

 

Mike

Edited by micpic

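The three HijackThis logs above have to be compared by eye to see what each step changed. The following is an added example, not part of any post in this thread and not HijackThis's own code: it parses result lines and diffs two scans. The function names are hypothetical, and the sample lines are abridged from the logs posted above.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O17 - HKLM\...: NameServer = ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map (section, key) -> value for every result line; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.group(1), m.group(2).strip()
        # "name = value" lines (R0, O17, startup links) are keyed by name, so a changed
        # value is reported as a change rather than as a remove plus an add.
        key, sep, value = detail.partition(" = ")
        entries[(section, key)] = value if sep else ""
    return entries


def diff_scans(before, after, sections=None):
    """Return added, removed and changed entries between two logs, optionally for given sections only."""
    old, new = parse_entries(before), parse_entries(after)
    if sections is not None:
        old = {k: v for k, v in old.items() if k[0] in sections}
        new = {k: v for k, v in new.items() if k[0] in sections}
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted((k, old[k], new[k]) for k in old if k in new and old[k] != new[k]),
    }


def missing_file_entries(log_text):
    """Entries HijackThis itself marked '(file missing)': references to files no longer on disk."""
    return sorted(
        (section, key)
        for (section, key), value in parse_entries(log_text).items()
        if key.endswith("(file missing)") or value.endswith("(file missing)")
    )


# Abridged excerpts of the three logs posted in this thread (not the full logs).
SCAN_A = r"""
Scan saved at 20:50:30, on 13/06/2007
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.41 212.139.132.42
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SCAN_B = r"""
Scan saved at 18:20:31, on 06/07/2007
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.6 212.139.132.7
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SCAN_C = r"""
Scan saved at 21:42:02, on 06/07/2007
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloydstsb.co.uk/customer.ibc
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    # SCAN_A is only the tail of the first log, so compare it on the O17 section alone.
    print("13/06 -> 06/07 18:20, O17 only:", diff_scans(SCAN_A, SCAN_B, sections={"O17"}))
    print("06/07 18:20 -> 21:42:", diff_scans(SCAN_B, SCAN_C))
    print("file missing:", missing_file_entries(SCAN_C))
```

On these excerpts the O17 NameServer value differs between the first two scans and the O17 line is absent from the third, which is the kind of change to confirm against the connection's actual settings before treating it as a problem.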

Hi again,

 

Do Start > Control Panel > Network Connections, right click on Local Area Connections and click Repair.

 

Let me know if this helps the connection issue.

 

jedi


jedi, the repair option is greyed out and unclickable; however, the internet connection seems to have sorted itself out apart from the continuing message shown below, which needs to be clicked as 'OK' for it to disappear:

 

"Windows Internet Explorer

Cannot find 'http//%1/'. Make sure the path or Internet address is correct"

 

 

Thank you.

Mike


Hi again,

 

Download HostsXpert from here:

http://www.funkytoad.com/download/HostsXpert.zip

 

Unzip it. Open the program and click on 'Restore Original Hosts'

 

OK the prompt, and exit HostsXpert.

 

Next,

 

1. Start Windows Live Messenger.

2. Select Tools, and then click Options.

3. Under Connection, click Advanced Settings.

4. Under SOCKS, delete the entries.

5. Click OK, and then click OK again.

 

Next:

 

In Internet Explorer, do Internet Options > Connections > LAN Settings and clear any checked boxes, then click OK.

 

Let me know if this helps.

 

jedi


Wow!!! corrupted webpages now appear as they ought to be as far as I can see. Thank you so very much.

 

Now only left with when connecting to the internet the following message appears

"Windows Internet Explorer

Cannot find 'http//%1/'. Make sure the path or Internet address is correct"

 

If that irritation can be removed it would be great.

 

Again, thank you

Mike


Hi again,

 

"corrupted webpages now appear as they ought to be"

Good news.

The IE error is an odd one though, I've not come across it before.

Ok, I wonder if resetting your homepage would help.

Open Internet Explorer and open a page that you wish to have as your homepage. Then do Internet Options > General and under Home Page click 'Use Current' > Apply > OK.

Close down IE, restart it and let me know what happens.

 

jedi


Hi again,

 

Open Internet Explorer > Internet Options > Advanced > Restore Advanced Settings > Apply > OK.

Restart IE.

Any change?

 

jedi


Hi again,

 

Download IEFix from here:

http://windowsxp.mvps.org/IEFIX.htm

 

Follow the IEFix Usage instructions. If you don't have a Windows XP install disk, the required files should be found at C:\Windows\I386; use the browse facility under 'Copy Files From'.

 

Let me know what happens.

 

jedi


jedi, IEFix tells me that IE7 is currently not supported, and that is what I am using.

 

Mike


Hi,

 

How annoying!

 

Next:

 

1. Start Internet Explorer 7, click Tools, and then click Delete Browsing History.

2. Next to Temporary Internet Files, click Delete files, and then click OK.

3. Next to History, click Delete history, and then click OK.

4. Next to Form data, click Delete forms, and then click OK.

 

Any change?

 

jedi


And the next!

 

1. Click Tools, then Internet Options, and then click the Delete Files button.

 

2. A Delete Files window will appear. Select the option to Delete all offline content, and then click OK.

 

3. Click Settings and reduce the size of your cache to, say, 50 to 100 MB (more if you routinely download very large files).

 

If that doesn't work:

 

Next:

 

Boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.

Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

 

Log in as Administrator, rather than your own (Owner) account.

Navigate to

 

C:\Documents and Settings\username\Local Settings\Temporary Internet Files\index.dat

 

and delete the index.dat folder, then restart normally.

 

Any change?

 

jedi


jedi, followed the first option and reduced cache to 100MB, but that didn't cure the problem.

Followed the second option (ensuring all hidden files were displayed via the 'folder options' icon) but on reaching the Temporary Internet Files folder it was empty (no index.dat for me to delete).

 

 

In case it's pertinent, the last 3 or 4 times I've shut down the PC the following message appears, I suspect from the Task Manager:

 

"DirectDBNotifyWndProc

could not end" and I then have to click the 'End Now' button for it to close.

 

Mike

Edited by micpic


Hi again,

 

Open Outlook.

 

Do Tools > Mailbox Cleanup > AutoArchive.

and

 

Do Tools > Mailbox Cleanup > Empty > Yes

 

Next:

 

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

 

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

 

 

 

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

 

Ok, any changes?

 

jedi


jedi, I've always used Outlook Express for my emails, never Outlook. Anyway, in my version of Outlook (Outlook 2000) I clicked Tools and there isn't a Mailbox Cleanup option.

 

Should I continue with the REGEDIT4 step in spite of this?

 

Mike


Yes, please do, I have Outlook Express as well as Outlook so I'll find the correct options in the meantime.

 

jedi


jedi, the following message no longer appears when I shut down the PC

 

"DirectDBNotifyWndProc could not end"

 

Well done, thank you for that.

 

Am left with

 

"Windows Internet Explorer

Cannot find 'http//%1/'. Make sure the path or Internet address is correct" when I access the internet.

 

Mike


Hi again,

 

Ok, let's have a look at that key.

 

Do Start > Run and type in regedit and hit OK.

 

Expand the keys until you get to

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

Open the Prefixes folder.

Then, in the registry editor, do File > Export > Save as type 'Text files', name it 'Export' and save to desktop. Post the contents here.

 

Repeat for

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

and post the results here.

 

jedi


jedi, here is the Prefixes file:

 

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
Class Name: <NO CLASS>
Last Write Time: 4/1/2003 - 12:17 PM
Value 0
Name: ftp
Type: REG_SZ
Data: ftp://

Value 1
Name: gopher
Type: REG_SZ
Data: gopher://

Value 2
Name: home
Type: REG_SZ
Data: http://

Value 3
Name: mosaic
Type: REG_SZ
Data: http://

Value 4
Name: www
Type: REG_SZ
Data: http://

 

and here is the DefaultPrefix file:

 

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Class Name: <NO CLASS>
Last Write Time: 4/1/2003 - 12:17 PM
Value 0
Name: <NO NAME>
Type: REG_SZ
Data: http://

 

Thank you

Mike


Hi again,

 

Ok, nothing wrong with those. Can you do a search and let me know if this file still exists?

 

C:\WINDOWS\System32\MSZTCE.EXE

 

jedi
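
The check made in the reply above (the exported Prefixes and DefaultPrefix values compared against the defaults from fix.reg) can be scripted. This is an added example, not part of the original thread; the function names, the `http://example.invalid/` value and the sample export are constructed for illustration.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL"
# Expected data: fix.reg from the thread plus the accepted DefaultPrefix value.
BASELINE = {
    ROOT + r"\Prefixes": {"ftp": "ftp://", "gopher": "gopher://",
                          "home": "http://", "mosaic": "http://", "www": "http://"},
    ROOT + r"\DefaultPrefix": {"<NO NAME>": "http://"},
}

def parse_export(text):
    """Parse regedit's 'Text files' export into {key: {value_name: data}}."""
    keys, key, name = {}, None, None
    for line in text.splitlines():
        m = re.match(r"\s*(Key Name|Name|Data):\s*(.*?)\s*$", line)
        if not m:
            continue  # Class Name, Last Write Time, Value N, Type, blank lines
        field, val = m.groups()
        if field == "Key Name":
            key, name = val, None
            keys[key] = {}
        elif field == "Name" and key is not None:
            name = val
        elif field == "Data" and name is not None:
            keys[key][name] = val
    return keys

def audit(export_text, baseline=BASELINE):
    """Return (key, value_name, problem) deviations from the baseline."""
    found, issues = parse_export(export_text), []
    for key, expected in baseline.items():
        actual = found.get(key)
        if actual is None:
            issues.append((key, "", "key missing from export"))
            continue
        for name, data in expected.items():
            if name not in actual:
                issues.append((key, name, "value missing"))
            elif actual[name] != data:
                issues.append((key, name, f"changed to {actual[name]!r}"))
        for name in sorted(actual.keys() - expected.keys()):
            issues.append((key, name, f"unexpected value {actual[name]!r}"))
    return issues

# Constructed sample in the export layout shown in the thread ("www" altered).
SAMPLE = (f"Key Name: {ROOT}\\DefaultPrefix\nValue 0\nName: <NO NAME>\n"
          f"Type: REG_SZ\nData: http://\n\nKey Name: {ROOT}\\Prefixes\n"
          "Value 0\nName: www\nType: REG_SZ\nData: http://example.invalid/\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list from `audit()` corresponds to the "nothing wrong with those" result in the thread; any tuple names the key and value to inspect in regedit.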


Hi again,

 

Good. Just wanted to double-check that one. Ok, can you do this. Install the Firefox browser:

http://www.mozilla.com/en-US/

Let me know if it opens normally and behaves normally.

 

jedi


jedi, yes Firefox seems fine, can't get the music on one of my websites to play but that could be because my website host can't deal with it, it sounds fine on IE7.

 

Mike


Hi again,

 

Ok, as far as I can tell it looks like the fault is with IE7 itself, so, let's try an uninstall and reinstall. You can reinstall IE7 with Firefox, if necessary.

Do Start > Control Panel > Add/Remove Programs and find Windows Internet Explorer 7. Click Remove and follow the prompts.

When the uninstall is complete, restart your PC.

 

Now go here:

http://www.microsoft.com/windows/products/...ie/default.mspx

and install a fresh version of IE7.

 

Let me know if that resolves the issue.

 

jedi


jedi, brilliant!!! Again well done and thank you.

 

Now presumably it will be OK for me to re-activate Tea Timer in Spybot.

 

Two housekeeping questions please:

 

1. In post number 15 above, how should I remove programs in the Startup menu as opposed to disabling them?

 

2. The only firewall I have is Windows Firewall, would it be a good idea to download and use Zone Alarm, or some other?

 

Thank you

Mike


Hi again,

 

You're welcome. :D

 

"Now presumably it will be OK for me to re-activate Tea Timer in Spybot."

Yes, indeed.

 

"In post number 15 above, how should I remove programs in the Startup menu as opposed to disabling them?"

 

A lot of programs load at startup by placing shortcuts in:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\(user name)\Start Menu\Programs\Startup

Remove the shortcut and they won't run at startup.

Or use a program like StartupLite:

http://www.malwarebytes.org/startuplite.php

which can disable via msconfig, or remove startup entries, and lists them all for you.

 

"The only firewall I have is Windows Firewall, would it be a good idea to download and use Zone Alarm, or some other?"

Yes it would. Windows Firewall is certainly better than nothing, but it only blocks incoming connections, not outgoing, so if something gets past it, it can sit on your computer and communicate with anything it wants to.

 

This article is a little old now, but still useful:

http://www.pcworld.com/howto/article/0,aid,112920,00.asp

 

This is also a good read:

How did I get Infected?

 

jedi


jedi, OK that's all fixed up now.

 

Just want to say thank you once more for staying with the problem and seeing it through.

 

Best wishes

Mike


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.