Corrupted webpages


  • This topic is locked
48 replies to this topic

#1 micpic


Posted 13 June 2007 - 03:15 PM

In the body of various otherwise properly appearing webpages I see parts of this message appearing in blue: "Internet Explorer cannot display the webpage". This is preceded by the icon i in a blue circle. Depending on its position on the webpage, further words in that message also appear, such as "Most likely....", etc. Various parts of this message appear. It would help if I could show you a screen print but I don't think this is an option.

An example is at http://tranquil-journey.tripod.com/ but it seems that this corruption only appears on my computer. I have cleared my temporary internet files, cookies and history but this hasn't helped, and a system restore was unable to reset to an earlier date. I have read the FAQ and followed the directions given on this forum. The following are requested log files:

Logfile of HijackThis v1.99.1
Scan saved at 20:50:30, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BBC Alerts\BBC_Alerts.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloyd...uk/customer.ibc
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: ADVFN 4v4 - http://www.advfn.com...p?pid=loadercab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125036719218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.42 212.139.132.41
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

BitDefender Online Scanner

Scan report generated at: Wed, Jun 13, 2007 - 18:16:41
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:11:16
Files: 303786
Folders: 7568
Boot Sectors: 2
Archives: 17609
Packed Files: 7325

Results
Identified Viruses: 5
Infected Files: 33
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 38

Engines Info
Virus Definitions: 513460
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Mike\.housecall6.6\Quarantine\splug.dll.bac_a00344=>(Quarantine-4)
Infected with: Trojan.Zlob.AAC

C:\Documents and Settings\Mike\.housecall6.6\Quarantine\splug.dll.bac_a00344=>(Quarantine-4)
Deleted

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\2676360B.htm=>(Quarantine-2)
Infected with: Generic.XPL.MhtRedir.BCFB123A

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\2676360B.htm=>(Quarantine-2)
Disinfection failed

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\2676360B.htm=>(Quarantine-2)
Deleted

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58E430AD.htm=>(Quarantine-2)
Infected with: Generic.XPL.MhtRedir.BCFB123A

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58E430AD.htm=>(Quarantine-2)
Disinfection failed

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58E430AD.htm=>(Quarantine-2)
Deleted

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58F72C98.htm=>(Quarantine-2)
Infected with: Generic.XPL.MhtRedir.BCFB123A

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58F72C98.htm=>(Quarantine-2)
Disinfection failed

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\58F72C98.htm=>(Quarantine-2)
Deleted

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\590B2882.htm=>(Quarantine-2)
Infected with: Generic.XPL.MhtRedir.BCFB123A

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\590B2882.htm=>(Quarantine-2)
Disinfection failed

C:\RECYCLER\S-1-5-21-2025429265-152049171-682003330-1004\Dc235\Quarantine\590B2882.htm=>(Quarantine-2)
Deleted

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.B@mm

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1
Deleted

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB
Update failed

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.B@mm

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1
Deleted

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1
Deleted

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2
Deleted

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3
Deleted

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1
Deleted

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2
Deleted

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3
Deleted

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed


Kaspersky log (The scan froze after about 5 minutes, on two separate attempts)

Wednesday, June 13, 2007 4:56:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/06/2007
Kaspersky Anti-Virus database records: 345378


Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects: 5162
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:05:41

Infected Object Name | Virus Name | Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck | Object is locked | skipped
C:\Documents and Settings\LocalService\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\splug.dll.bac_a00344 | Infected: Trojan-Downloader.Win32.Zlob.aeg | skipped
C:\Documents and Settings\Mike\Application Data\Aim\findawaym3\cert8.db | Object is locked | skipped
C:\Documents and Settings\Mike\Application Data\Aim\findawaym3\key3.db | Object is locked | skipped
C:\Documents and Settings\Mike\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Mike\Desktop\SmitfraudFix\Reboot.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | skipped

Scan was interrupted by user!

AVG Anti-Spyware - Scan Report (In SAFE MODE this software wouldn't run; the following message appeared: "Connection to service failed. Please reinstall AVG Anti-Spyware 7.5". Reinstalling didn't help, so I ran it in NORMAL MODE.)
---------------------------------------------------------

+ Created at: 16:25:56 13/06/2007

+ Scan result:



Nothing found.


::Report end


Your assistance will be very much appreciated.
Thank you.

Edited by micpic, 14 June 2007 - 01:22 AM.


#2 SWI Support Robot


Posted 16 June 2007 - 06:31 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 jedi


Posted 29 June 2007 - 05:25 AM

Hi,

It seems that you've been infected with an e-mail worm, which may be responsible:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! This is because it is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Also:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#4 micpic


Posted 30 June 2007 - 06:37 AM

Thanks Jedi for your response. I'll be back home on Monday (2nd July) and will be able to follow up straightaway on your instructions. Again, many thanks.
Mike

#5 jedi


Posted 30 June 2007 - 06:38 AM

You're welcome. :)

jedi

#6 micpic


Posted 02 July 2007 - 01:25 PM

Jedi, here is the ComboFix report

ComboFix 07-06-18.2 - C:\Documents and Settings\Mike\Desktop\ComboFix.exe
"Mike" - 2007-07-02 19:10:24 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 19:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 17:25 <DIR> d-------- C:\DOCUME~1\Mike\DoctorWeb
2007-06-14 09:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-13 16:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 14:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 18:05:04 -------- d-----w C:\Program Files\Climate Change Experiment
2007-07-02 16:22:32 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-00531102}.dat
2007-07-02 16:22:32 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-00531102}.dat
2007-07-02 16:07:57 -------- d-----w C:\Program Files\Microsoft Money
2007-06-19 20:35:36 -------- d-----w C:\Program Files\Opera
2007-06-13 07:23:24 -------- d-----w C:\Program Files\Spring Wildflowers Saver 1.3
2007-06-13 05:30:34 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-12 16:24:44 1,080 ----a-w C:\WINDOWS\AUTOLNCH.REG
2007-06-10 18:31:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 19:13:50 -------- d-----w C:\Program Files\Paint Shop Pro 5
2007-05-11 11:13:42 3,500 ----a-w C:\WINDOWS\system32\tmp.reg
2007-05-11 10:27:34 11,470,608 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-05-09 08:18:59 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-05-09 05:18:14 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-06 19:17:25 -------- d-----w C:\DOCUME~1\Mike\APPLIC~1\SpywareBot
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-26 08:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2001-07-25 14:04]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2002-01-24 20:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 16:30]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 21:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-10 09:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 08:04]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-08-10 16:37]
"BBC Alerts"="C:\Program Files\BBC Alerts\BBC_Alerts.exe" [2006-06-01 14:36]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk
backup=C:\WINDOWS\pss\Camio Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gwum.lnk
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
adiras.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneIV]
C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSZTCE]
C:\WINDOWS\System32\MSZTCE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]
C:\WINDOWS\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetTimer 2000]
"C:\Program Files\NetTimer 2000\NetTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
PROMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
C:\Program Files\QUICKENW\QAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar]
"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba3b02ba-c0d2-11db-b9c1-4d6564696130}]
AutoRun\command- F:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-05-06 19:17:24 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-02 15:45:53 C:\WINDOWS\tasks\User_Feed_Synchronization-{0197D88E-5CD5-440C-9246-3880115388CD}.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 19:15:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???F????&2???A~??A~F???????\???\???????????U?A~??A~\???\?????????_??????C@?\???\??????sF???\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 19:16:12

--- E O F ---


and here is the Dr.WebCureIt report

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\TRITON_UK_2.2.25.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Mike\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Mike\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
iwapi.chm\DLLGeneral.html;C:\Program Files\InstantCD+DVD\InstantWrite\SDK\iwapi.chm;Modification of BAT.Wed.4730;;
iwapi.chm;C:\Program Files\InstantCD+DVD\InstantWrite\SDK;Archive contains infected objects;Moved.;
gendel32.ex_;C:\Program Files\SaberQuestPageBurner\setup;Tool.Gendel;Incurable.Moved.;


Thank you, Mike

#7 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 03 July 2007 - 11:05 AM

Hi again,

Ok, I think you're clean, but I want to run another check, before we tackle the webpage problem:

Please do the following:
Run a BitDefender Online scan Here and post the results.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#8 micpic

micpic

    Member

  • Full Member
  • 39 posts

Posted 03 July 2007 - 04:47 PM

jedi, here's the BitDefender report:

BitDefender Online Scanner

Scan report generated at: Tue, Jul 03, 2007 - 22:41:43

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:08:41
Files: 283922
Folders: 7570
Boot Sectors: 2
Archives: 12165
Packed Files: 7150

Results
Identified Viruses: 3
Infected Files: 28
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 28

Engines Info
Virus Definitions: 636723
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes



Scanned File
Status

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.B@mm

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB=>RESOURCE1
Deleted

C:\{800050A5-0000-0000-3B85-0E8E9102C32E}\DATA.CAB
Update failed

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.B@mm

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB=>RESOURCE1
Deleted

C:\{800050A5-0000-0000-414B-21D68818DCC6}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE1
Deleted

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE2
Deleted

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB=>RESOURCE3
Deleted

C:\{800052E9-0000-0000-27A4-B8F4CD14C962}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE1
Deleted

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE2
Deleted

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB
Update failed

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.C@mm

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB=>RESOURCE3
Deleted

C:\{800052E9-0000-0000-D509-E8ABE31569DE}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE1
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE2
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE3
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE4
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE5
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE6
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE7
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE8
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE9
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB=>RESOURCE10
Deleted

C:\{800056C4-0000-0000-C87D-763B69C76806}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE1
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE2
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE3
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE4
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE5
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE6
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE7
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE8
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE9
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10
Infected with: Win32.Netsky.AA@mm

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB=>RESOURCE10
Deleted

C:\{800056C4-0000-0000-E27A-584E2912C0E7}\DATA.CAB
Update failed


Many thanks, Mike

#9 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 04 July 2007 - 01:34 PM

Hi again,

Ok, can I see a fresh HiJackThis log, and please let me know how the PC is performing.

jedi

#10 micpic

micpic

    Member

  • Full Member
  • 39 posts

Posted 04 July 2007 - 01:41 PM

Jedi, here is a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:38:01, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BBC Alerts\BBC_Alerts.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloyd...uk/customer.ibc
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: ADVFN 4v4 - http://www.advfn.com...p?pid=loadercab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125036719218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

The corrupted webpages are still evident but apart from that the computer seems to be going well and not going slow.

Many thanks, Mike

#11 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 04 July 2007 - 03:14 PM

Hi again,

Please download and install the Firefox browser.
http://www.mozilla-e...oducts/firefox/
Surf with Firefox to the same webpages and let me know if you can access them correctly, or if you get the same fault.

jedi

#12 micpic

micpic

    Member

  • Full Member
  • 39 posts

Posted 04 July 2007 - 03:47 PM

jedi, have installed Firefox and get the same fault, part of a message appears on the webpage which I think reads "Unable to connect...", although the connection to the site is Ok.

Thank you for your continued help.
Mike



I hope this isn't a red herring, but it seems as though the fragments of browser messages appear in places where there ought to be legitimate adverts. Hope this helps. Mike

Edited by micpic, 05 July 2007 - 01:33 AM.


#13 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 05 July 2007 - 01:55 PM

Hi again,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

Ok,

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

File::
C:\WINDOWS\system32\tmp.reg
Folder:
C:\WINDOWS\AUTOLNCH.REG
C:\Program Files\WildTangent


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

jedi

#14 micpic

micpic

    Member

  • Full Member
  • 39 posts

Posted 05 July 2007 - 02:35 PM

jedi, as requested:

ComboFix 07-06-18.2 - C:\Documents and Settings\Mike\Desktop\ComboFix.exe
"Mike" - 2007-07-05 20:22:30 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Mike\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\AUTOLNCH.REG
C:\WINDOWS\system32\tmp.reg


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


2007-07-02 19:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 17:25 <DIR> d-------- C:\DOCUME~1\Mike\DoctorWeb
2007-06-14 09:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-13 16:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 14:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 19:16:22 -------- d-----w C:\Program Files\Climate Change Experiment
2007-07-05 19:14:48 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-00531102}.dat
2007-07-05 19:14:48 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-00531102}.dat
2007-07-05 16:35:10 -------- d-----w C:\Program Files\Microsoft Money
2007-06-19 20:35:36 -------- d-----w C:\Program Files\Opera
2007-06-13 07:23:24 -------- d-----w C:\Program Files\Spring Wildflowers Saver 1.3
2007-06-13 05:30:34 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-10 18:31:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 19:13:50 -------- d-----w C:\Program Files\Paint Shop Pro 5
2007-05-11 10:27:34 11,470,608 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-05-09 08:18:59 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-05-09 05:18:14 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-06 19:17:25 -------- d-----w C:\DOCUME~1\Mike\APPLIC~1\SpywareBot
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-26 08:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2001-07-25 14:04]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2002-01-24 20:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 16:30]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 21:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-10 09:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 08:04]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-08-10 16:37]
"BBC Alerts"="C:\Program Files\BBC Alerts\BBC_Alerts.exe" [2006-06-01 14:36]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer.lnk
backup=C:\WINDOWS\pss\Camio Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gwum.lnk
backup=C:\WINDOWS\pss\gwum.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
adiras.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneIV]
C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSZTCE]
C:\WINDOWS\System32\MSZTCE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]
C:\WINDOWS\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetTimer 2000]
"C:\Program Files\NetTimer 2000\NetTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
PROMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
C:\Program Files\QUICKENW\QAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar]
"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba3b02ba-c0d2-11db-b9c1-4d6564696130}]
AutoRun\command- F:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-05-06 19:17:24 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-05 18:58:36 C:\WINDOWS\tasks\User_Feed_Synchronization-{0197D88E-5CD5-440C-9246-3880115388CD}.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 20:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4??? ????&2???A~??A~ ???????\???\???????????U?A~??A~\???\???????x?_??????C@?\???\??????s ???\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-05 20:27:07
C:\ComboFix-quarantined-files.txt ... 2007-07-05 20:27
C:\ComboFix2.txt ... 2007-07-02 19:16

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 20:31:09, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\BBC Alerts\BBC_Alerts.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloyd...uk/customer.ibc
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: ADVFN 4v4 - http://www.advfn.com...p?pid=loadercab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125036719218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

Again, many thanks, Mike

#15 jedi


Posted 06 July 2007 - 06:23 AM

Hi again,

Please do Start > Run and type in msconfig and hit OK.

When the Config Editor opens click Startup > Enable All > Apply > OK and exit the Editor. (You have a lot of programs disabled through msconfig, it's better to remove them if you don't want to use them.)

Please now post a fresh HiJackThis log. Also, when did you install IE7? Did the problems start around the same time?

jedi

#16 micpic


Posted 06 July 2007 - 06:53 AM

jedi, OK done that. When I rebooted the following message appeared:
"RUNDLL
Error loading C:\Program Files\Wild Tangent\Apps\CDA\cdaEngine0400.dll
The specified module could not be found"

I clicked OK and it disappeared.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:53, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BBC Alerts\BBC_Alerts.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\NetTimer 2000\NetTimer.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloyd...uk/customer.ibc
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [NetTimer 2000] "C:\Program Files\NetTimer 2000\NetTimer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: ADVFN 4v4 - http://www.advfn.com...p?pid=loadercab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125036719218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

These corrupted webpages started in early June this year. IE7 was installed several months ago.

Thank you.
Mike

#17 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 06 July 2007 - 07:26 AM

Hi again,

Scan with HijackThis and put a check in the box next to the following items:

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [NetTimer 2000] "C:\Program Files\NetTimer 2000\NetTimer.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Next:

Download RegSeeker from here:
http://www.snapfiles.../regseeker.html

Open RegSeeker.

Check the 'Backup before Deletion' box
Click on 'Clean the Registry'
Make sure all boxes except “Invalid Services (experimental)” are checked.
Click AutoClean and follow the prompts to allow it to run.
You will get a notification when AutoClean has run.
Exit RegSeeker.
Do not try to use any of the other functions on RegSeeker; it is a powerful program with the potential to damage your PC if used incorrectly.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Under 'Error-Checking' click 'Check Now'.
Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart; be patient, the error-check takes time, and your PC will start normally when it is complete.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Click on 'Defragment now' and follow the prompts to defragment your disk.


Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread, and let me know how the PC is running.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#18 micpic

Posted 06 July 2007 - 12:22 PM

jedi, got as far as getting RegSeeker to run and 43% of the way through AutoClean the following message appeared:
"Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c ...

CANCEL TRY AGAIN CONTINUE"

None of these options worked; eventually managed to close the error message and RegSeeker by using Ctrl + Del + Alt.

Tried running RegSeeker once again and the same thing happened. Therefore RegSeeker didn't complete its processes and I didn't continue with your directions that followed that step.
Have shown a new current HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 18:20:31, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BBC Alerts\BBC_Alerts.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloyd...uk/customer.ibc
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: ADVFN 4v4 - http://www.advfn.com...p?pid=loadercab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125036719218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe

Thank you, Mike
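
An added example, not part of the original posts: one way to confirm from a follow-up HijackThis log that the entries checked for "fix selected" are really gone, and to list anything else that changed between two logs. The function names are assumptions, and the three log excerpts are constructed from lines that appear in the posts above.

```python
import re

# HijackThis entry lines: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autoruns look like: <hive>\..\Run: [value name] command line
RUN_KEY_RE = re.compile(r".*?\\Run[^:]*: \[[^\]]*\]")


def parse_entries(log_text):
    """Return the set of (section, text) entries; headers and process paths are skipped."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def entry_key(entry):
    """Identity of an entry without its value, so a changed value pairs with its old one."""
    section, text = entry
    if section == "O4":
        m = RUN_KEY_RE.match(text)
        if m:
            return (section, m.group(0))          # hive + value name
    if " = " in text:
        return (section, text.split(" = ", 1)[0])  # e.g. O17 "...: NameServer"
    return (section, text)


def still_present(fix_list_text, after_text):
    """Entries that were selected for fixing but still show up in the later log."""
    return sorted(parse_entries(fix_list_text) & parse_entries(after_text))


def compare(before_text, after_text):
    """Diff two logs into removed, added and changed (same key, different value)."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "changed": sorted((before[k], after[k])
                          for k in before.keys() & after.keys()
                          if before[k] != after[k]),
    }


# Constructed excerpt: three of the items listed for "fix selected".
FIX_LIST = r"""
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NetTimer 2000] "C:\Program Files\NetTimer 2000\NetTimer.exe"
"""

# Constructed excerpt standing in for the earlier log (fix-list items plus shared lines).
BEFORE = FIX_LIST + r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.41 212.139.132.42
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed excerpt of the follow-up log posted after the fix.
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4166B38-58CA-448E-865F-0D8F9341E0C6}: NameServer = 212.139.132.6 212.139.132.7
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    leftover = still_present(FIX_LIST, AFTER)
    print("fix incomplete:" if leftover else "all selected entries removed", leftover)
    result = compare(BEFORE, AFTER)
    for section, text in result["removed"]:
        print("removed:", section, text)
    for old, new in result["changed"]:
        print("changed:", old[0], old[1], "->", new[1])
```

A "changed" entry only says the value differs between the two scans; whether the new value is expected still has to be judged by whoever reviews the log.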

#19 jedi

Posted 06 July 2007 - 01:24 PM

Ok, just carry on with the other two steps.

jedi

#20 micpic

Posted 06 July 2007 - 04:12 PM

jedi, have completed the final two steps, i.e. error checking the disk and then defragmenting.

Then when trying to connect to the internet the following message appears
"Windows Internet Explorer
Cannot find 'http//%1/'. Make sure the path or Internet address is correct"

I clicked the OK button and that message disappeared and my homepage address appeared in the URL address box at the top of the screen, but no connection could be made to the internet.
I then clicked the LAN icon in the bottom righthand corner of the screen and the Network Connections pane appeared, then I clicked the Tiscali Broadband dial-up icon and that managed to make a connection to the internet, hence I managed to get back to this forum.

The corrupted webpages are still in evidence.

If in future I'm unable to get back onto the internet or this forum, is there any way I can make contact?
The HijackThis log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 21:42:02, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BBC Alerts\BBC_Alerts.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.15_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.15_windows_intelx86.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.lloyd...uk/customer.ibc
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\EasyTune4\et4Tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: ADVFN 4v4 - http://www.advfn.com...p?pid=loadercab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125036719218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe



Mike

Edited by micpic, 06 July 2007 - 04:16 PM.


#21 jedi

Posted 07 July 2007 - 08:59 AM

Hi again,

Do Start > Control Panel > Network Connections, right click on Local Area Connections and click Repair.

Let me know if this helps the connection issue.

jedi

#22 micpic

Posted 07 July 2007 - 10:25 AM

jedi, the repair option is greyed out and unclickable, however the internet connection seems to have sorted itself out apart from the continuing message shown below, which needs to be clicked as 'OK' for it to disappear:

"Windows Internet Explorer
Cannot find 'http//%1/'. Make sure the path or Internet address is correct"


Thank you.
Mike

#23 jedi

Posted 08 July 2007 - 03:58 AM

Hi again,

Download HostsXpert from here:
http://www.funkytoad.../HostsXpert.zip

Unzip it. Open the program and click on 'Restore Original Hosts'

OK the prompt, and exit HostsXpert.

Next,

1. Start Windows Live Messenger.
2. Select Tools, and then click Options.
3. Under Connection, click Advanced Settings.
4. Under SOCKS, delete the entries.
5. Click OK, and then click OK again.

Next:

In Internet Explorer, do Internet Options > Connections > LAN Settings and clear any checked boxes, then click OK.

Let me know if this helps.

jedi

#24 micpic

Posted 08 July 2007 - 04:52 AM

Wow!!! corrupted webpages now appear as they ought to be as far as I can see. Thank you so very much.

Now only left with when connecting to the internet the following message appears
"Windows Internet Explorer
Cannot find 'http//%1/'. Make sure the path or Internet address is correct"

If that irritation can be removed it would be great.

Again, thank you
Mike

#25 jedi

Posted 08 July 2007 - 05:02 AM

Hi again,

"corrupted webpages now appear as they ought to be"

Good news.
The IE error is an odd one though, I've not come across it before.
Ok, I wonder if resetting your homepage would help.
Open Internet Explorer and open a page that you wish to have as your homepage. Then do Internet Options > General and under Home Page click 'Use Current' > Apply > OK.
Close down IE, restart it and let me know what happens.

jedi

#26 micpic

Posted 08 July 2007 - 05:11 AM

jedi, that doesn't seem to have made any difference.

Mike

#27 jedi

Posted 08 July 2007 - 05:51 AM

Hi again,

Open Internet Explorer > Internet Options > Advanced > Restore Advanced Settings > Apply > OK.
Restart IE.
Any change?

jedi

#28 micpic

Posted 08 July 2007 - 06:02 AM

jedi, problem still persists.

Mike

#29 jedi

Posted 08 July 2007 - 06:21 AM

Hi again,

Download IEFix from here:
http://windowsxp.mvps.org/IEFIX.htm

Follow the IEFix Usage instructions. If you don't have a Windows XP install disk the required files should be found at C:\Windows\I386; use the browse facility under 'Copy Files From'.

Let me know what happens.

jedi

#30 micpic

Posted 08 July 2007 - 06:38 AM

jedi, IEFix tells me that IE7 is currently not supported, and that is what I am using.

Mike

#31 jedi

Posted 08 July 2007 - 07:01 AM

Hi,

How annoying!

Next:

1. Start Internet Explorer 7, click Tools, and then click Delete Browsing History.
2. Next to Temporary Internet Files, click Delete files, and then click OK.
3. Next to History, click Delete history, and then click OK.
4. Next to Form data, click Delete forms, and then click OK.

Any change?

jedi

#32 micpic

Posted 08 July 2007 - 07:53 AM

No, unfortunately that didn't help.

Mike

#33 jedi

Posted 08 July 2007 - 08:14 AM

And the next!

1. Click Tools, then Internet Options, and then click the Delete Files button.

2. A Delete Files window will appear. Select the option to Delete all offline content, and then click OK.

3. Click Settings and reduce the size of your cache to, say, 50 to 100 MB (more if you routinely download very large files).

If that doesn't work:

Next:

Boot into safe mode:
Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Log in as Administrator, rather than your own (Owner) account.
Navigate to

C:\Documents and Settings\username\Local Settings\Temporary Internet Files\index.dat

and delete the index.dat folder, then restart normally.

Any change?

jedi

#34 micpic

Posted 08 July 2007 - 09:10 AM

jedi, followed the first option and reduced cache to 100MB, but that didn't cure the problem.
Followed the second option (ensuring all hidden files were displayed via the 'folder options' icon) but on reaching the Temporary Internet Files folder it was empty (no index.dat for me to delete).


In case it's pertinent, the last 3 or 4 times I've shut down the PC the following message appears, I suspect from the Task Manager:

"DirectDBNotifyWndProc
could not end" and I then have to click the 'end now' button for it to close.

Mike

Edited by micpic, 08 July 2007 - 09:22 AM.


#35 jedi

Posted 08 July 2007 - 11:14 AM

Hi again,

Open Outlook.

Do Tools > Mailbox Cleanup > AutoArchive.
and

Do Tools > Mailbox Cleanup > Empty > Yes

Next:

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Ok, any changes?

jedi

#36 micpic

Posted 08 July 2007 - 12:31 PM

jedi, I've always used Outlook Express for my emails, never Outlook. Anyway, in my version of Outlook (Outlook 2000) I clicked Tools and there isn't a Mailbox Cleanup option.

Should I continue with the REGEDIT4 step in spite of this?

Mike

#37 jedi

Posted 08 July 2007 - 12:41 PM

Yes, please do, I have Outlook Express as well as Outlook so I'll find the correct options in the meantime.

jedi

#38 micpic

Posted 08 July 2007 - 02:27 PM

jedi, the following message no longer appears when I shut down the PC

"DirectDBNotifyWndProc could not end"

Well done, thank you for that.

Am left with

"Windows Internet Explorer
Cannot find 'http//%1/'. Make sure the path or Internet address is correct" when I access the internet.

Mike

#39 jedi

Posted 10 July 2007 - 02:58 AM

Hi again,

Ok, let's have a look at that key.

Do Start > Run and type in regedit and hit OK.

Expand the keys until you get to
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
Open the Prefixes folder.
Then, in the registry editor, do File > Export > Save as type 'Text files', name it 'Export' and save to desktop. Post the contents here.

Repeat for
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
and post the results here.

jedi

#40 micpic

Posted 10 July 2007 - 04:33 AM

jedi, here is the Prefixes file:

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
Class Name: <NO CLASS>
Last Write Time: 4/1/2003 - 12:17 PM
Value 0
Name: ftp
Type: REG_SZ
Data: ftp://

Value 1
Name: gopher
Type: REG_SZ
Data: gopher://

Value 2
Name: home
Type: REG_SZ
Data: http://

Value 3
Name: mosaic
Type: REG_SZ
Data: http://

Value 4
Name: www
Type: REG_SZ
Data: http://

and here is the DefaultPrefix file:

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Class Name: <NO CLASS>
Last Write Time: 4/1/2003 - 12:17 PM
Value 0
Name: <NO NAME>
Type: REG_SZ
Data: http://

Thank you
Mike
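
An added example, not part of the original thread: a small Python checker that parses the regedit "Text files" export format shown in post #40 and compares the two URL keys with the values from the fix.reg in post #35 (plus the DefaultPrefix value the export shows). The function names and the SAMPLE export are constructed for illustration.

```python
import re

# Baseline: Prefixes values from the fix.reg in post #35; the DefaultPrefix
# value is the one shown in the export in post #40.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL"
EXPECTED = {
    BASE + r"\Prefixes": {"ftp": "ftp://", "gopher": "gopher://",
                          "home": "http://", "mosaic": "http://", "www": "http://"},
    BASE + r"\DefaultPrefix": {"<NO NAME>": "http://"},
}

# Constructed sample (not from the thread): a DefaultPrefix that was altered.
SAMPLE = r"""Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Class Name: <NO CLASS>
Value 0
  Name: <NO NAME>
  Type: REG_SZ
  Data: http://search.example.invalid/?q=
"""

def parse_export(text):
    """Parse a regedit text export into {key_name: {value_name: data}}."""
    keys, key, name = {}, None, None
    for line in text.splitlines():
        # "Class Name:", "Type:" and "Last Write Time:" lines are skipped.
        m = re.match(r"\s*(Key Name|Name|Data):\s*(.*?)\s*$", line)
        if not m:
            continue
        field, val = m.groups()
        if field == "Key Name":
            key, name = val, None
            keys[key] = {}
        elif field == "Name" and key is not None:
            name = val
        elif field == "Data" and name is not None:
            keys[key][name] = val
            name = None
    return keys

def audit(text, expected=EXPECTED):
    """Return (key, value_name, found, wanted) for every deviation."""
    found, issues = parse_export(text), []
    for key, wanted in expected.items():
        have = found.get(key)
        if have is None:
            issues.append((key, None, None, "key missing from export"))
            continue
        for name in sorted(set(wanted) | set(have)):  # also flags extra values
            if have.get(name) != wanted.get(name):
                issues.append((key, name, have.get(name), wanted.get(name)))
    return issues
```

Running `audit()` over both exports pasted into one string returns an empty list when every value matches the baseline.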

#41 jedi

Posted 10 July 2007 - 04:45 AM

Hi again,

Ok, nothing wrong with those. Can you do a search and let me know if this file still exists?

C:\WINDOWS\System32\MSZTCE.EXE

jedi

#42 micpic

Posted 10 July 2007 - 04:53 AM

jedi, no sign of C:\WINDOWS\System32\MSZTCE.EXE

even in the hidden files & folders.

Mike

#43 jedi

Posted 10 July 2007 - 06:02 AM

Hi again,

Good. Just wanted to double-check that one. Ok, can you do this. Install the Firefox browser:
http://www.mozilla.com/en-US/
Let me know if it opens normally and behaves normally.

jedi

#44 micpic

Posted 10 July 2007 - 07:00 AM

jedi, yes Firefox seems fine, can't get the music on one of my websites to play but that could be because my website host can't deal with it, it sounds fine on IE7.

Mike

#45 jedi

Posted 10 July 2007 - 07:26 AM

Hi again,

Ok, as far as I can tell it looks like the fault is with IE7 itself, so, let's try an uninstall and reinstall. You can reinstall IE7 with Firefox, if necessary.
Do Start > Control Panel > Add/Remove Programs and find Windows Internet Explorer 7. Click Remove and follow the prompts.
When the uninstall is complete, restart your PC.

Now go here:
http://www.microsoft...ie/default.mspx
and install a fresh version of IE7.

Let me know if that resolves the issue.

jedi

#46 micpic

Posted 10 July 2007 - 09:16 AM

jedi, brilliant!!! Again well done and thank you.

Now presumably it will be OK for me to re-activate Tea Timer in Spybot.

Two housekeeping questions please:

1. In post number 15 above, how should I remove programs in the Startup menu as opposed to disabling them?

2. The only firewall I have is Windows Firewall, would it be a good idea to download and use Zone Alarm, or some other?

Thank you
Mike

#47 jedi

Posted 10 July 2007 - 12:11 PM

Hi again,

You're welcome. :D

Now presumably it will be OK for me to re-activate Tea Timer in Spybot.

Yes, indeed.

In post number 15 above, how should I remove programs in the Startup menu as opposed to disabling them?


A lot of programs load at startup by placing shortcuts in:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\(user name)\Start Menu\Programs\Startup

Remove the shortcut and they won't run at startup.
Or use a program like StartupLite:
http://www.malwareby...startuplite.php
which can disable via msconfig, or remove startup entries, and lists them all for you.

The only firewall I have is Windows Firewall, would it be a good idea to download and use Zone Alarm, or some other?

Yes it would. Windows Firewall is certainly better than nothing, but it only blocks incoming connections, not outgoing, so if something gets past it, it can sit on your computer and communicate with anything it wants to.

This article is a little old now, but still useful:
http://www.pcworld.c...d,112920,00.asp

This is also a good read:
How did I get Infected?

jedi

#48 micpic

Posted 10 July 2007 - 03:02 PM

jedi, OK that's all fixed up now.

Just want to say thank you once more for staying with the problem and seeing it through.

Best wishes
Mike

#49 jedi

Posted 10 July 2007 - 03:19 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi
