Tech Support banner

Status
Not open for further replies.
1 - 20 of 20 Posts

·
Registered
Joined
·
46 Posts
Discussion Starter #1
Hello,

I can't get on Microsoft related web sites, MSN Messanger won't connect, I can't use hotmail, ares is always in connecting and I have no idea what to do!

I tried everything...

I downloaded Spybot, Ad-adware, TrojanHunt. Deleted cookies etc..
I download iefix and nothing happened.

Can someone please help me.. I don't have my windows xp disc.

Please.. I am getting really frustrated!
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hello Big Mac,

Please download the newest version of HijackThis 1.99.1 . This program will help us determine if there are any spyware/malware on your computer.

Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it. Do not fix anything yet. Many files it finds are harmless, and required for your system to operate.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #3
Thank you for taking the time to help me! I have tried everything!
Here is my log
Logfile of HijackThis v1.99.1
Scan saved at 9:23:13 PM, on 10/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Ares Lite Edition\Ares.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\me\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [dmglf.exe] D:\WINDOWS\System32\dmglf.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares Lite Edition\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .m4a: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: *.softpedia.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hi Big Mac,

Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

1. Go to Start > Run and type in services.msc then click OK
2. Click the Extended tab.
3. Scroll down until you find the service.
===> Microsoft hyper card manager (Mhcm)
4. Click once on the service to highlight it.
5. Click Stop
6. Right-Click on the service.
7. Click on 'Properties'
8. Select the 'General' tab
9. Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
10. From the drop-down menu, click on 'Disabled'
11. Click the 'Apply' tab, then click 'OK'

Open HijackThis>Config>Misc Tools>Delete an NT Service
*now copy/paste the following entry in the box and click OK:

Mhcm

Run a scan in HijackThis. Check the following entry and hit 'Fix checked':

O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)

Delete the following file:

D:\WINDOWS\mshytcsx32.exe

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!.If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
-Empty Recycle Bins
-Temporary Internet Files
-Delete Cookies
-Delete Prefetch files
-[X]Scan local drives for temporary files (Please uncheck this option)
-Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Normal Mode.

IMPORTANT!:
Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2 (SP2). SP2 should only be installed on a fully disinfected system.) At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update Windows XP to SP1 we must stop the cleansing process here.

Perform an online scan using Internet Explorer with Panda ActiveScan - requires Internet Explorer

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply along with a new HijackThis log.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
46 Posts
Discussion Starter #5
ok I didi what u said.......

I could not find these to delte them:

O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)

D:\WINDOWS\mshytcsx32.exe

so I did the cleanup and tried to go on microsoft.com but diditn work?
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Could you please clarify for me...you couldn't find the entry in HijackThis or you couldn't find the file to delete, or both?

What happened when you tried to update at Microsoft?

Please post another HijackThis log.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #8
both I couldnt find then to delete the,...and when I tried to go on micorosft the same thing that always happens happened it said :page cannot be found"

here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 10:07:30 PM, on 10/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Ares Lite Edition\Ares.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\me\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [dmfhh.exe] D:\WINDOWS\System32\dmfhh.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares Lite Edition\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .m4a: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: *.softpedia.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
Registered
Joined
·
46 Posts
Discussion Starter #10
No luck!

I can't get on Microsoft Update or Microsoft related websites for that matter nor can I access MSN Messanger, hotmail and Ares lite
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Ok, let's try this tool:

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/products/mwav/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode. /B]
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use CTRL C on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
You've got quite a bit going on here.

Download AboutBuster http://www.greyknight17.com/spy/AboutBuster.zip and unzip the files to a folder on your Desktop. Run AboutBuster and click OK. Click Update button to see if there are any updates. Close the program now.

Reboot into Safe Mode. (tapping F8 or F5)

Run AboutBuster and click Begin Removal button. Once that's done, just hit the OK button. Click Exit once you are done. Click the OK button and it should exit. Open up the 'Ab LogFile.txt' (which was created in the same folder as AboutBuster) and post the log here.

Reboot and try to download the following.

If you still cannot access this website, use another computer to download this program to a disc and bring it to this pc:

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Reboot into Safe Mode.

Now open Ewido and do a scan on your system.

* Click on Scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily and post the results here.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #16
here is my ab logfile

AboutBuster 5.1, reference file 32
Scan started on [10/18/2005] at [12:56:01 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:56:51 PM
 

·
Registered
Joined
·
46 Posts
Discussion Starter #17
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:46:34 PM, 10/18/2005
+ Report-Checksum: A17015B

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1B540D44-3F61-4394-AE30-25FDC3649405}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/Downloaded Program Files/SyncroAdX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/Downloaded Program Files/SyncroAdX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/System32/toolbar.dll\\.Owner -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/System32/toolbar.dll\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/System32/version.txt\\.Owner -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\D:/WINDOWS/System32/version.txt\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
HKU\.DEFAULT\Software\_hsrb -> Spyware.Hotsearchbar : Cleaned with backup
HKU\.DEFAULT\Software\_hsrb\ppops -> Spyware.Hotsearchbar : Cleaned with backup
HKU\.DEFAULT\Software\_hsrb\ssites -> Spyware.Hotsearchbar : Cleaned with backup
HKU\S-1-5-21-1708537768-688789844-1060284298-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{BF69DF00-2734-477F-8257-27CD04F88779} -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-1708537768-688789844-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-1708537768-688789844-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Cleaned with backup
HKU\S-1-5-18\Software\_hsrb -> Spyware.Hotsearchbar : Cleaned with backup
HKU\S-1-5-18\Software\_hsrb\ppops -> Spyware.Hotsearchbar : Cleaned with backup
HKU\S-1-5-18\Software\_hsrb\ssites -> Spyware.Hotsearchbar : Cleaned with backup
D:\Documents and Settings\me\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
D:\WINDOWS\system32\bndmod.exe.tcf -> Spyware.FindSpy : Cleaned with backup
D:\WINDOWS\system32\cscgt.exe.tcf -> TrojanDownloader.Agent.uj : Cleaned with backup
D:\WINDOWS\system32\dmnrl.exe -> Trojan.Ysearch : Cleaned with backup
D:\WINDOWS\system32\hlmicro.exe.tcf -> Spyware.Msnagent : Cleaned with backup
D:\WINDOWS\system32\ntfsnlpa.exe.tcf -> Spyware.Msnagent : Cleaned with backup
D:\WINDOWS\system32\rdsndin.exe.tcf -> Spyware.FindSpy : Cleaned with backup


::Report End
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Ok, now we've gotten somewhere. :grin:

Try again to update to XP SP1a.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
1 - 20 of 20 Posts
Status
Not open for further replies.
Top