ok guys here's the deal. i've got a whole 'brunch menu' of all sorts of anti-virus and anti-ad-ware programs installed on my laptop these days. i've ran them all and nothing seems to be bringing my laptop back to normal. besides a few hick-up's here and there i.e. delays in uploading of internet pages and general slow-down of the system itself, my biggest concern at the moment though is the inability to load the page of my hotmail account starting already at the sign in page; some parts of the pages work once i've signed in and some don't. it also 'toggles' several times, each time i click on a link. hopefully that makes sense.

attached is an example:

i hope you can give me some suggestions on how to fix this problem. i'm almost afraid to say that it may be a prob with the registry...but what do i know? ...basically zip when it comes to these things. thanks for your help in advance! :o

Recommended Answers

All 10 Replies

here's the hijackthis log

Update your Panda Antivirus and run a full system scan

Run these free online scans as well:
http://www.trendmicro.com/en/home/us/enterprise.htm
http://www.ravantivirus.com/scan/indexie.php

1. Download and install Ad-Aware SE (http://www.lavasoftusa.com/software/adaware/), keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the Preferences/Settings window

A.) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

B.) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

C.) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*Include addtional object information
*DESELECT - include negligible objects information
*Include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

D.) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘Finish’.

10. REBOOT to complete the removal of what Ad-Aware SE found

Before you can fix anything with hijackthis, it needs to be in it's own permanent folder. Part of the process of cleaning your system may involve deleting everything in temporary folders, which would cause you to loose your copy of hijackthis (and all the backups it makes) because you now have hijackthis in a temp folder. Please move it to a folder like c:\HJT\hijackthis.exe.

After you've done that, close all browser windows, scan with HJT, and post a new log in this thread (please copy and past instead of attaching it).

Hello,

I have been finding it more effective to run AdAware in Safe Mode.

Christian

thanks for all the info. unfortunately i can't update Panda at the moment since it's only a downloaded trial version. i have, however, done another scan with Panda and Trendmicro, as suggested, & no infections-, but with the RAV i can't do it since i don't have administrative rights; -what does that mean and how can i set it to this status?

i'm about to download the Ad-Aware SE and follow ur steps. i'll let you know how it goes...

ok so i've run the Ad-Aware and it shows '6 objects removed' and '13 quarantined'. logs are saved.

here's the HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 12:39:31 PM, on 10/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Power Management\PwrGui.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Programme\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\HJT\hijackthis.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.aria-nightclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Programme\Generic\USB Card Reader\Disk_Monitor.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PowerManagement] C:\Programme\Power Management\PwrGui.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programme\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {E05EC57C-ECD9-431C-981D-15573E34076E} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4418/mcfscan.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Programme\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thanks again for your help!!

I don't see anything serious in your log, are you still having problems?

Here are a few questionable things, have HJT fix these if you don't recognize/use them:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.aria-nightclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O9 - Extra button: MedionShop - {E05EC57C-ECD9-431C-981D-15573E34076E} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

As far as the admin rights go, I'm not really sure. Are you the only user on this computer?

yea these links are fine. R0 is my homepage and i've never had probs with this one. the others except for the last one concern the maker of my laptop. so the only thing left may be the error guard. should i try fixing this with HJT then?

thanks again for all of your help guys! ...i'm almost afraid to say that it may have something to do with having installed service pack 2 recently.

read this. it may be of some interest and/ or help to figuring out this problem.

http://story.news.yahoo.com/news?tmpl=story&cid=75&e=12&u=/nf/20050110/tc_nf/29577

http://www.eweek.com/article2/0,1759,1749993,00.asp

let me know of your opinions in this regard.

cheers!

p.s. and yes i am the sole user of this machine

I don't see anything serious in your log, are you still having problems?

Here are a few questionable things, have HJT fix these if you don't recognize/use them:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.aria-nightclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O9 - Extra button: MedionShop - {E05EC57C-ECD9-431C-981D-15573E34076E} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

As far as the admin rights go, I'm not really sure. Are you the only user on this computer?

Go ahead and have HJT fix
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

A lot of people are turning to browsers other than IE, such as Firefox and Opera, because of the security flaws. You still need to keep IE, however, because it is the only way to get your Windows Updates.

If you're the only user on this PC, you should have admin rights. Is it XP Home?

all right. I've hijacked the errorguard link but the problem still remains....

it is XP home.

Go ahead and have HJT fix
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

A lot of people are turning to browsers other than IE, such as Firefox and Opera, because of the security flaws. You still need to keep IE, however, because it is the only way to get your Windows Updates.

If you're the only user on this PC, you should have admin rights. Is it XP Home?

I'm running out of ideas here, but can you post the log from Ad-Aware that you said had quarantined 13 objects?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.