•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 392,072 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 4,175 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser:
Views: 1644 | Replies: 15 | Solved
 |
•
•
Join Date: May 2006
Posts: 15
Reputation: 
Rep Power: 3
Solved Threads: 0
Newbie Poster
It Constantly Keeps Re-booting Itself. Plz Help Hi there,
ABUT ME:-
I'm new to the group and I'm rubbish when it comes to technical problems with computers. I'm quite good at installing and using software, but other than that... oh dear.
MY PROBLEM:-
I've recently installed a wireless networking device (LINKSYS WIRELESS-G networking adaptor) onto my PC, which has/possibly now had Windows XP installed, Panda AntVirus and other programs. After installing the adaptor I had an error message appear saying application error (referring to LINKSYS SYSTEM MONITOR). This message kept appearing until there were 52 messages on the screen and I had to re-boot the computer.
Since then, my computer crashes on start-up. On start up a blue screen appears and after checking file system on C: that type of file FAT32. It then starts to check disk consistancy. It verifies 100% then it says:
the \pagefile.sys entry contain a non valid link.
the size of the \pagefile.sys entry is not valid.
\WINDOWS\DUMP8695.tmp is crossed-linked on allocation unit 1006408.
It then locks on this screen, trying to load but nothing happens.
What have I done???? Has someone hacked our computer???
ABUT ME:-
I'm new to the group and I'm rubbish when it comes to technical problems with computers. I'm quite good at installing and using software, but other than that... oh dear.
MY PROBLEM:-
I've recently installed a wireless networking device (LINKSYS WIRELESS-G networking adaptor) onto my PC, which has/possibly now had Windows XP installed, Panda AntVirus and other programs. After installing the adaptor I had an error message appear saying application error (referring to LINKSYS SYSTEM MONITOR). This message kept appearing until there were 52 messages on the screen and I had to re-boot the computer.
Since then, my computer crashes on start-up. On start up a blue screen appears and after checking file system on C: that type of file FAT32. It then starts to check disk consistancy. It verifies 100% then it says:
the \pagefile.sys entry contain a non valid link.
the size of the \pagefile.sys entry is not valid.
\WINDOWS\DUMP8695.tmp is crossed-linked on allocation unit 1006408.
It then locks on this screen, trying to load but nothing happens.
What have I done???? Has someone hacked our computer???
- Harri
:)
:)
•
•
Join Date: May 2006
Posts: 15
Reputation:
Rep Power: 3
Solved Threads: 0
Newbie Poster
[quote=haribo_harris]Hi there,
ABOUT ME:-
I'm new to the group and I'm rubbish when it comes to technical problems with computers. I'm quite good at installing and using software, but other than that... oh dear.
MY PROBLEM:-
I've recently installed a wireless networking device (LINKSYS WIRELESS-G networking adaptor) onto my PC, which has/possibly now had Windows XP installed, Panda AntVirus and other programs. After installing the adaptor I had an error message appear saying application error (referring to LINKSYS SYSTEM MONITOR). This message kept appearing until there were 52 messages on the screen and I had to re-boot the computer.
Since then, my computer crashes on start-up. On start up a blue screen appears and after checking file system on C: that type of file FAT32. It then starts to check disk consistancy. It verifies 100% then it says:
the \pagefile.sys entry contain a non valid link.
the size of the \pagefile.sys entry is not valid.
\WINDOWS\DUMP8695.tmp is crossed-linked on allocation unit 1006408.
It then locks on this screen, trying to load but nothing happens.
What have I done???? Has someone hacked our computer???
Also I've done a antivirus scan and nothing was found.
And I've found that if you leave it for ages it finally boots up and loads. But then if you chose to open a powerful program like Adobe, it freezes. Then shuts itself down, turns to turn on and load, then shuts itself down again. It continues to do this until you force it to shut down by holding the power button for 10 seconds.
ABOUT ME:-
I'm new to the group and I'm rubbish when it comes to technical problems with computers. I'm quite good at installing and using software, but other than that... oh dear.
MY PROBLEM:-
I've recently installed a wireless networking device (LINKSYS WIRELESS-G networking adaptor) onto my PC, which has/possibly now had Windows XP installed, Panda AntVirus and other programs. After installing the adaptor I had an error message appear saying application error (referring to LINKSYS SYSTEM MONITOR). This message kept appearing until there were 52 messages on the screen and I had to re-boot the computer.
Since then, my computer crashes on start-up. On start up a blue screen appears and after checking file system on C: that type of file FAT32. It then starts to check disk consistancy. It verifies 100% then it says:
the \pagefile.sys entry contain a non valid link.
the size of the \pagefile.sys entry is not valid.
\WINDOWS\DUMP8695.tmp is crossed-linked on allocation unit 1006408.
It then locks on this screen, trying to load but nothing happens.
What have I done???? Has someone hacked our computer???
Also I've done a antivirus scan and nothing was found.
And I've found that if you leave it for ages it finally boots up and loads. But then if you chose to open a powerful program like Adobe, it freezes. Then shuts itself down, turns to turn on and load, then shuts itself down again. It continues to do this until you force it to shut down by holding the power button for 10 seconds.
- Harri
:)
:)
•
•
Join Date: Jan 2006
Location: Tennessee
Posts: 1,567
Reputation:
Rep Power: 6
Solved Threads: 102
Hmm, definitely sounds like spyware to me.
I'm going to move your thread into the Viruses/Spyware/Nasties forum.
In the meantime:
Download HijackThis (current verison is v1.99.1)
or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)
Make a new folder to put your HijackThis.exe into.
(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:
Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.
Definitely be sure to include this in your reply.
Thanks.
I'm going to move your thread into the Viruses/Spyware/Nasties forum.
In the meantime:
Download HijackThis (current verison is v1.99.1)
or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)
Make a new folder to put your HijackThis.exe into.
(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:
- C:\HijackThis\
- C:\Programs\hijackthis\
- C:\Windows\My Documents\HJT\
Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.
Definitely be sure to include this in your reply.
Thanks.
Now if ya like the help ya could always raise our reputation...
•
•
Join Date: May 2006
Posts: 15
Reputation:
Rep Power: 3
Solved Threads: 0
Newbie Poster
Hi there,
Thanks for you help on this. Right I didn't exasctly as you advised and got the following...it doesn't look too good but I'm not a big computer expert.
p.s
after taking three/four attempts to start it the computer will eventually start and then take ages to load. Once loaded, it the runs reletively quickly - but then somes sudden crashes and this little paragraph starts over again.
Logfile of HijackThis v1.99.1
Scan saved at 19:07:42, on 15/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACK\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\psimreal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " "
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://uk.search.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O1 - Hosts: 9.31.81.22 google.li google.lt google.lu google.lv google.mn
google.ms google.mu
O1 - Hosts: 9.31.81.22 google.mw google.nl google.no google.off.ai google.pl
google.pn google.pt
O1 - Hosts: 9.31.81.22 google.ro google.ru google.rw google.se google.sh
google.sk google.sm
O1 - Hosts: 9.31.81.22 google.td google.tm google.tt google.uz google.vg
search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 9.31.81.22 br.search.yahoo.com ca.search.yahoo.com
cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com
au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 9.31.81.22 fr.search.yahoo.com de.search.yahoo.com
it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at
search.sympatico.msn.ca
O1 - Hosts: 9.31.81.22 search.msn.co.za search.ninemsn.com.au
search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 9.31.81.22 search.msn.fr search.msn.de search.msn.it search.msn.nl
search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 9.31.81.22 search.msn.se search.msn.ch search.msn.co.in
search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 9.31.81.22 beta.search.sympatico.msn.ca beta.search.msn.co.za
beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk
beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 9.31.81.22 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de
beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 9.31.81.22 beta.search.msn.se beta.search.msn.ch
beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com
alexa.com
O1 - Hosts: 9.31.81.22 www.google.ae www.google.am www.google.as www.google.at
www.google.az www.google.be www.google.bi
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O1 - Hosts: 9.31.81.22 google.li google.lt google.lu google.lv google.mn
google.ms google.mu
O1 - Hosts: 9.31.81.22 google.mw google.nl google.no google.off.ai google.pl
google.pn google.pt
O1 - Hosts: 9.31.81.22 google.ro google.ru google.rw google.se google.sh
google.sk google.sm
O1 - Hosts: 9.31.81.22 google.td google.tm google.tt google.uz google.vg
search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 9.31.81.22 br.search.yahoo.com ca.search.yahoo.com
cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com
au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 9.31.81.22 fr.search.yahoo.com de.search.yahoo.com
it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at
search.sympatico.msn.ca
O1 - Hosts: 9.31.81.22 search.msn.co.za search.ninemsn.com.au
search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 9.31.81.22 search.msn.fr search.msn.de search.msn.it search.msn.nl
search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 9.31.81.22 search.msn.se search.msn.ch search.msn.co.in
search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 9.31.81.22 beta.search.sympatico.msn.ca beta.search.msn.co.za
beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk
beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 9.31.81.22 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de
beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 9.31.81.22 beta.search.msn.se beta.search.msn.ch
beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com
alexa.com
O1 - Hosts: 9.31.81.22 www.google.ae www.google.am www.google.as www.google.at
www.google.az www.google.be www.google.bi
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F10159AE-FFE4-4C9F-859B-DF9A55365333} -
C:\WINDOWS\System32\dhle.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
http://www.midasplayer.com/midasa.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) -
http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -
http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) -
http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147616968530
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -
http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} -
C:\WINDOWS\System32\kfokilkp.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
Thanks for you help on this. Right I didn't exasctly as you advised and got the following...it doesn't look too good but I'm not a big computer expert.
p.s
after taking three/four attempts to start it the computer will eventually start and then take ages to load. Once loaded, it the runs reletively quickly - but then somes sudden crashes and this little paragraph starts over again.
Logfile of HijackThis v1.99.1
Scan saved at 19:07:42, on 15/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACK\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\psimreal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " "
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://uk.search.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O1 - Hosts: 9.31.81.22 google.li google.lt google.lu google.lv google.mn
google.ms google.mu
O1 - Hosts: 9.31.81.22 google.mw google.nl google.no google.off.ai google.pl
google.pn google.pt
O1 - Hosts: 9.31.81.22 google.ro google.ru google.rw google.se google.sh
google.sk google.sm
O1 - Hosts: 9.31.81.22 google.td google.tm google.tt google.uz google.vg
search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 9.31.81.22 br.search.yahoo.com ca.search.yahoo.com
cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com
au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 9.31.81.22 fr.search.yahoo.com de.search.yahoo.com
it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at
search.sympatico.msn.ca
O1 - Hosts: 9.31.81.22 search.msn.co.za search.ninemsn.com.au
search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 9.31.81.22 search.msn.fr search.msn.de search.msn.it search.msn.nl
search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 9.31.81.22 search.msn.se search.msn.ch search.msn.co.in
search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 9.31.81.22 beta.search.sympatico.msn.ca beta.search.msn.co.za
beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk
beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 9.31.81.22 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de
beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 9.31.81.22 beta.search.msn.se beta.search.msn.ch
beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com
alexa.com
O1 - Hosts: 9.31.81.22 www.google.ae www.google.am www.google.as www.google.at
www.google.az www.google.be www.google.bi
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O1 - Hosts: 9.31.81.22 google.li google.lt google.lu google.lv google.mn
google.ms google.mu
O1 - Hosts: 9.31.81.22 google.mw google.nl google.no google.off.ai google.pl
google.pn google.pt
O1 - Hosts: 9.31.81.22 google.ro google.ru google.rw google.se google.sh
google.sk google.sm
O1 - Hosts: 9.31.81.22 google.td google.tm google.tt google.uz google.vg
search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 9.31.81.22 br.search.yahoo.com ca.search.yahoo.com
cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com
au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 9.31.81.22 fr.search.yahoo.com de.search.yahoo.com
it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at
search.sympatico.msn.ca
O1 - Hosts: 9.31.81.22 search.msn.co.za search.ninemsn.com.au
search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 9.31.81.22 search.msn.fr search.msn.de search.msn.it search.msn.nl
search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 9.31.81.22 search.msn.se search.msn.ch search.msn.co.in
search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 9.31.81.22 beta.search.sympatico.msn.ca beta.search.msn.co.za
beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk
beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 9.31.81.22 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de
beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 9.31.81.22 beta.search.msn.se beta.search.msn.ch
beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com
alexa.com
O1 - Hosts: 9.31.81.22 www.google.ae www.google.am www.google.as www.google.at
www.google.az www.google.be www.google.bi
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F10159AE-FFE4-4C9F-859B-DF9A55365333} -
C:\WINDOWS\System32\dhle.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
http://www.midasplayer.com/midasa.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) -
http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -
http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) -
http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147616968530
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -
http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} -
C:\WINDOWS\System32\kfokilkp.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
- Harri
:)
:)
•
•
Join Date: Jul 2005
Location: FL.
Posts: 1,536
Reputation:
Rep Power: 7
Solved Threads: 98
Hi, Please run HJT again, and select Do system scan only. Then place a check (tick) next to these items.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " "
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: (no name) - {F10159AE-FFE4-4C9F-859B-DF9A55365333} -
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control)-
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} -
Click Fix Checked.
________________________________________________
Download Hoster.
________________________________________________
Now lets have ewido take out what it can, before we proceed manually.
Please download ewido anti-malware it is a free version of the program.
ewido manual updates
Once the updates are installed do the following:
Reboot.
_______________________________________________________
Post the ewido log, and a new HJT log
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " "
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: (no name) - {F10159AE-FFE4-4C9F-859B-DF9A55365333} -
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control)-
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} -
Click Fix Checked.
________________________________________________
Download Hoster.
- Unzip Hoster to C:\Hoster .
- Run Hoster.exe from its new home
- Click "Make Hosts Writable?" in the upper right corner (If available) .
- Click Restore Original Hosts and then click OK.
- Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
________________________________________________
Now lets have ewido take out what it can, before we proceed manually.
Please download ewido anti-malware it is a free version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful" )
ewido manual updates
Once the updates are installed do the following:
- Open up Ewido
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.
Reboot.
_______________________________________________________
Post the ewido log, and a new HJT log
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
•
•
Join Date: May 2006
Posts: 15
Reputation:
Rep Power: 3
Solved Threads: 0
Newbie Poster
HI there,
I got as far as downloading it and clicking on Restore Original Hosts, but when I click on OK... i get and ERROR box that say: Cannot create file C:/WINDOWS/system32/DRIVERS/ETC/hosts.
Then my Panda antivirus pops up and says that a dangerous operation has been blocked....
I'm so sorry if this is an easy problem to fix but I'm making a big event out of it.
I got as far as downloading it and clicking on Restore Original Hosts, but when I click on OK... i get and ERROR box that say: Cannot create file C:/WINDOWS/system32/DRIVERS/ETC/hosts.
Then my Panda antivirus pops up and says that a dangerous operation has been blocked....
I'm so sorry if this is an easy problem to fix but I'm making a big event out of it.
- Harri
:)
:)
•
•
Join Date: Jan 2006
Location: Tennessee
Posts: 1,567
Reputation:
Rep Power: 6
Solved Threads: 102
Heh it's cool.
Try disabeling Panda Antivirus before downloading again.
O ya, and by the way, this isn't abnormal--oftentimes AVs accuse other AVs of being spyware and such.
Thanks.
Try disabeling Panda Antivirus before downloading again.
O ya, and by the way, this isn't abnormal--oftentimes AVs accuse other AVs of being spyware and such.
Thanks.
Now if ya like the help ya could always raise our reputation...
•
•
Join Date: May 2006
Posts: 15
Reputation:
Rep Power: 3
Solved Threads: 0
Newbie Poster
Hi guys,
Here's the reponses....
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 23:09:53, 15/05/2006
+ Report-Checksum: 396D2591
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objecta\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -> Trojan.Zapchast : Cleaned with
backup
C:\WINDOWS\system32\LogFiles\A5291900.so -> Trojan.Crypt.b : Cleaned with
backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll ->
Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
::Report End
-----------------------------------------
and then
Logfile of HijackThis v1.99.1
Scan saved at 19:52:43, on 16/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HIJACK\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
http://www.midasplayer.com/midasa.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
-----------------------------------------
Here's the reponses....
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 23:09:53, 15/05/2006
+ Report-Checksum: 396D2591
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objecta\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -> Trojan.Zapchast : Cleaned with
backup
C:\WINDOWS\system32\LogFiles\A5291900.so -> Trojan.Crypt.b : Cleaned with
backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll ->
Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
::Report End
-----------------------------------------
and then
Logfile of HijackThis v1.99.1
Scan saved at 19:52:43, on 16/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HIJACK\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
http://www.midasplayer.com/midasa.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe
-----------------------------------------
- Harri
:)
:)
•
•
Join Date: May 2006
Posts: 15
Reputation:
Rep Power: 3
Solved Threads: 0
Newbie Poster
p.s
it is now working a little faster and also doesn't need to be re-booted/switched off so many times before it boots up properly and allows you to use it.
I have also found that closing a few programs helping - just the ones I'm not using like a Java program, Quick Time & Big Fix.
it is now working a little faster and also doesn't need to be re-booted/switched off so many times before it boots up properly and allows you to use it.
I have also found that closing a few programs helping - just the ones I'm not using like a Java program, Quick Time & Big Fix.
- Harri
:)
:)
•
•
Join Date: Jan 2006
Location: Tennessee
Posts: 1,567
Reputation:
Rep Power: 6
Solved Threads: 102
Alrite, couple more entries to fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/game...ploader_v6.cab
Awsome, now we're gonna run CCleaner to clean some more:
Begin by downloading CCleaner, and specifically choosing the most recent version.
Then, follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.
Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):
C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch
After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.
Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.
Now, ya need to update Java--it's not the latest version. -- this is sorta important
Here's the link to dl it:
http://www.java.com/en/download/manual.jsp
Now, post back here with a new HJT log.
Thanks.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/game...ploader_v6.cab
Awsome, now we're gonna run CCleaner to clean some more:
Begin by downloading CCleaner, and specifically choosing the most recent version.
Then, follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.
Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):
C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch
After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.
Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.
Now, ya need to update Java--it's not the latest version. -- this is sorta important
Here's the link to dl it:
http://www.java.com/en/download/manual.jsp
Now, post back here with a new HJT log.
Thanks.
Now if ya like the help ya could always raise our reputation...
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb Viruses, Spyware and other Nasties Marketplace
Linear Mode
- RED HAT 9-booting time 10 min (*nix Software)
- hotoffers popup/homepage plz help (Viruses, Spyware and other Nasties)
- I don't know dual booting (Windows NT / 2000 / XP / 2003)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Winfixer and other infections.
- Next Thread: homepage Hijacked
