08-04-2006, 07:08 PM   #24
Download Junkie
Registered User
 
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi Reid, I'm having a problem getting the active scan to run.

While doing the last set of instructions, all was going fine till I installed IEspyad. I'm not saying it caused what happened next, 'cause I just don't know... I'd just finished installing it and left the computer to make a cuppa, and when I got back about 5 mins later there was an error message up saying "Your system has just recovered from a Serious error". I did the send error report. I also made a copy of it, if you're interested in what it sent to Microsoft.

I then rebooted the PC, got online and tried the Panda active scan. The page loaded up quite slow, almost 3 mins. I clicked on the active scan link and a small window appeared with a yellow triangle with an exclamation mark in it, and the words Pepe and an OK button. I pressed it and nothing happened :( ... There were two other buttons on the page that said scan now, so I pressed one of those. A window appeared asking for country and email. I filled them in and pressed scan now... the green progress bar came up full with no seconds remaining... It was still like that three hours later.

I tried several times after that with the same result.

All the other steps were done just like you asked.
The files you wanted deleted didn't exist after the HijackThis scan.

So here are the results without the Panda report.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:43 06-08-04

+ Scan result:



C:\WINDOWS\system32\FQ20ENU.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@cpvfeed[1].txt.pvaa.dkb -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@cpvfeed[2].txt.pvaa.dkb -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@tribalfusion[1].txt.pvaa.dkb -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@tribalfusion[2].txt.pvaa.dkb -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@yadro[1].txt.pvaa.dkb -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[1].txt.pvaa.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[1].txt.pvab.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[1].txt.pvac.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[1].txt.pvad.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[1].txt.pvae.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pdac.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pmaa.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pvad.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pvae.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pvaf.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pvag.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pvah.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Cookies\black dragon@ad.yieldmanager[2].txt.pwab.dkb -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

New HijackThis log from Normal Mode

Logfile of HijackThis v1.99.1
Scan saved at 12:20, on 06-08-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: DataKeeper.lnk = C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe