0

Well, I got a few problems. Firstly, today alone I've downloaded the top 10 spyware removers and tried each; they all seem to crash at some point of scanning. But I've recently picked up a problem when my computer, on starting up, the screen turns black for about 2 seconds, then my background wallpaper becomes slightly more pixelated and my desktop icons have blue frames around the wording. Whenever I shut down my computer, explorer says it's not responding, and it seems all text on anything I use, even just on the start menu, seems to be different to usual. It isn't just my display settings. My limewire also closes every time I try to open it but that's not a biggie. I followed the "please run this before posting" and got this message:
AVG Anti-Spyware 7.5 Exception: Something bad happened in the application. Error diagnostic file saved to 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.err'. Which came up with this information:

EDI:00000066
CS:EIP:001B:7D423436
SS:ESP:0023:03E98260 EBP:41454431
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246
Intel specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
7D423436 41454431 <frame 41454431 not readable>
ImageHelp specific method
Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
7D423436 03E9825C 4635307B 38344536 38332D43 342D3034 <pages range base not found>
2D31762D 41454431 00000000 00000000 00000000 00000000 <pages range base not found>

So I just need a bit of help. Thanks

0

Any decent virus/trojan will protect itself by disabling scanners and blocking downloads from certain sites. Not a lot I can tell from the AVG log, except that it broke...
Go here, get hijackthis....
http://216.180.233.162/~merijn/files/HijackThis.exe
Save it into its own, new folder [beside program files is good, NOT in a temp folder or on the desktop]. Start it by double-clicking the .exe file, and then CLOSE ALL OTHER APPLICATIONS AND WINDOWS. Press Scan and save a logfile. A notepad with the file will open. Post it here. Someone will be around to check it..
[course, it may not be the fault of a bug, but it is easy to get that aspect out of the way. generally speaking.]

0

Logfile of HijackThis v1.99.1
Scan saved at 12:29:25 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://172.30.1.100:8080
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = D:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = D:\Lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SmartCenter.lnk = D:\Lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?7351e9606ab04effbfdc785329c6ccbb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?7351e9606ab04effbfdc785329c6ccbb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mainland.co.nz
O17 - HKLM\Software\..\Telephony: DomainName = mainland.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mainland.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mainland.co.nz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

0

hi,
for a start may I ask what you are doing with this IP address? 172.30.1.100? It's a bit special, and I have included it to be fixed, but you may have other needs...
You have lotus and M$ Office both starting up at boot? is that ok?
Nothing special to be done, just start hijackthis again, press Do a System scan only, and then check the items in the following list to be fixed. Run the fix.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://172.30.1.100:8080

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10

Update AVG antispyware and do a full scan.
Update Java!!! Go to control panel, java, update, update now. When it installs, restart, and then go to add/remove programs and remove the old version.
Post the new hijackthis log.
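
The items ticked for fixing above include the ProxyServer setting and the three NameServer overrides. As an added example (not part of the thread and not HijackThis's own code), this Python script pulls those network-redirecting settings out of a HijackThis log and compares them with a list of addresses the machine's owner expects. The `expected` list, the function names and the verdict labels are assumptions; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re

# HijackThis entry lines look like "<code> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"^(?P<key>.+),ProxyServer = (?P<value>\S+)$")
DNS_RE = re.compile(r"^(?P<key>.+): NameServer = (?P<value>.+)$")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://172.30.1.100:8080
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mainland.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.92 85.255.112.10
"""


def parse_entries(log_text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def proxy_hosts(value):
    """Extract hosts from 'host:port', 'scheme://host:port' or 'http=host:port;...'."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1]      # drop a per-protocol prefix such as "http="
        part = part.split("://", 1)[-1]    # drop a URL scheme
        hosts.append(part.rsplit(":", 1)[0] if ":" in part else part)
    return hosts


def classify(host, expected):
    """Label a host against the operator-supplied list of expected addresses."""
    if host in expected:
        return "expected"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname-unlisted"
    return "private-unlisted" if ip.is_private else "public-unlisted"


def network_overrides(entries, expected=frozenset()):
    """Collect proxy (R1) and DNS NameServer (O17) settings with a verdict each."""
    findings = []
    for code, body in entries:
        if code == "R1" and (m := PROXY_RE.match(body)):
            kind, hosts = "proxy", proxy_hosts(m.group("value"))
        elif code == "O17" and (m := DNS_RE.match(body)):
            kind, hosts = "dns", re.split(r"[ ,]+", m.group("value").strip())
        else:
            continue
        for host in hosts:
            findings.append({"kind": kind, "key": m.group("key"),
                             "host": host, "verdict": classify(host, expected)})
    return findings


def summarize(findings):
    """Group findings by (kind, host) so a value repeated across keys shows once."""
    summary = {}
    for f in findings:
        slot = summary.setdefault((f["kind"], f["host"]),
                                  {"verdict": f["verdict"], "keys": []})
        slot["keys"].append(f["key"])
    return summary


def missing_targets(entries):
    """Entries whose target file HijackThis reported as '(file missing)'."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for (kind, host), info in summarize(network_overrides(parsed)).items():
        print(f"{kind:5} {host:15} {info['verdict']:17} set in {len(info['keys'])} key(s)")
    for code, body in missing_targets(parsed):
        print(f"{code}: target missing -> {body}")
```

Pass the resolvers and proxy that the network is meant to use as `expected`; anything left with an `-unlisted` verdict is what to confirm with whoever administers the machine before fixing or keeping it.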

0

I'm not sure about the IP address. But I will try the things you said. I share this computer with a few people though

0

k. a few ppl fool with that one when they play about with linux. they can put it back in if they need it.

0

Alright, I did what you said. I got up to...


Update AVG antispyware and do a full scan. << Here. Then I got another error message, I don't know if it's the same but this is what it said...(and I didn't update java yet):
//==<AVG AntiSpyware 7.5.0.50>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 7D423436 <pages range base not found>
Exception Date: 12/28/2006 21:41:13
File Version of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe: 7.5.0.50

MiniDump Information Saved to .dmp

Registers:
EAX:00000000
EBX:04850000
ECX:7C91056D
EDX:00000000
ESI:7C80DDF5
EDI:00000066
CS:EIP:001B:7D423436
SS:ESP:0023:03E98260 EBP:41454431
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
7D423436 41454431 <frame 41454431 not readable>

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
7D423436 03E9825C 4635307B 38344536 38332D43 342D3034 <pages range base not found>
2D31762D 41454431 00000000 00000000 00000000 00000000 <pages range base not found>


0

urk! okay, download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -click the file to run it, go Select all, and then Empty Selected, and finally close ATF.
Next try an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-the link to the scan is just above the padlock pic.... free online virus scan.. enter a valid? email and follow through to the scan, and scan your system. Post the log it produces here, along with that hijackthis log. I really am not sure why AVG failed.

You should also try this scan:- http://www.kaspersky.com/virusscanner
-you must install an ActiveX component from Kaspersky, so click Yes. Definitions will download, then when the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it. Click My Computer to start the scan. When the scan is finished, click the "Save as Text" button, and save the file to your desktop. Post it here also.

0

Alright, the Kaspersky is still going, it's taking forever. An hour and it was at 2% so I tried again a few times. This is what panda came up with.


Incident Status Location
Virus:Trj/dmRandom.CT Disinfected Operating system
Adware:adware/bravesentry Not disinfected c:\windows\xpupdate.exe
Adware:adware/megatds Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jfneha1a.default\cookies.txt[.2o7.net/]
Adware:Adware/Gimmy Not disinfected C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Mp3_License.exe]
Adware:Adware/Gimmy Not disinfected C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Mp3_Sound_Definition.exe]
Adware:Adware/Gimmy Not disinfected C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Download_Agreement.exe]
Adware:Adware/Gimmy Not disinfected C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Free_Mp3-SearchEngine.exe]
Virus:Trj/dmRandom.CT Disinfected C:\WINDOWS\system32\dmxsg.exe

And this was Hijack again:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:28 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = D:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = D:\Lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SmartCenter.lnk = D:\Lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?7351e9606ab04effbfdc785329c6ccbb
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?7351e9606ab04effbfdc785329c6ccbb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mainland.co.nz
O17 - HKLM\Software\..\Telephony: DomainName = mainland.co.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mainland.co.nz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mainland.co.nz
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


I will keep trying Kaspersky

0

Bear with me, this is tedious, but we should get there.. [hijackthis log shows clean, but panda says otherwise...]
Uninstall AVG antispyware 7.5.
Get Spybot S&D:- http://www.safer-networking.org/en/mirrors/index.html - from one of these mirrors. Update it.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/ - install it. Update it. Leave it in its default settings state for the moment. Put an icon on your desktop for regular use.
And finally CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's neater that way.

Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip unzip it onto your desktop.
Dclick killbox to start it. Select "Delete on reboot", click the "all files" button.
Highlight these two files and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-

c:\windows\xpupdate.exe
C:\WINDOWS\system32\dmxsg.exe

In killbox, go File menu, choose Paste from clipboard. Click the red and white button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]

On restart, download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 -click the file to run it, go Select all, and then Empty Selected.
Now click Firefox at the top, Select All again, and Empty Selected again. Close ATF.

Boot into Safe Mode [hit F8 repeatedly after turn on during POST, and before IDE detection finishes..]. Login as an administrator. Rclick on the start button, explore, then Tools > folder options > view, and select Show hidden files and folders, Apply and OK.
Search for these 4 files and delete them:-

C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Mp3_License.exe]
C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Mp3_Sound_Definition.exe]
C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Download_Agreement.exe]
C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Free_Mp3-SearchEngine.exe]

- Do a full Adaware scan and remove all the problems it finds.
- Run SpyBot S&D. Create the registry backup, then check for problems. Select and fix problems.

Reboot into normal mode and download AVG antispyware 7.5 again and update it.
Reboot into Safe Mode and run AVG antispyware 7.5 from there. I shall have my fingers crossed.

Ok. Reboot into normal windows mode... if everything appears to be working you must now remove all old system restore points... do this by turning sys res off then on again for all drives. The path to this is via Start > all programs > accessories > system tools> system restore - use the link "system restore settings", and check turn off sys res for all drives, Apply... AND THEN UNCHECK THE BOX, AND APPLY. The reason for doing this is that some trojans write themselves into the System Restore files, and in there they are totally safe from anything.
Now make a new restore point.
Run CCleaner from the recycle bin icon [rclick it...] - explore its settings and do a registry clean.
If AVG finds anything post the log..... You could try the pandascan and kaspersky now....
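
The remark in the post above that the HijackThis log looks clean while Panda reports detections can be checked mechanically. This is an added example, not part of the original thread: it parses a few constructed lines in the shape of the two reports and tests whether any file Panda flagged is referenced by a HijackThis process, autorun or service entry. The function names are illustrative.

```python
import re

# Constructed sample: a few lines in the shape of the two reports posted in this thread.
PANDA_REPORT = r"""Incident Status Location
Virus:Trj/dmRandom.CT Disinfected Operating system
Adware:adware/bravesentry Not disinfected c:\windows\xpupdate.exe
Adware:adware/megatds Not disinfected Windows Registry
Adware:Adware/Gimmy Not disinfected C:\Steve\iPOD music\Get Smart\MisImpIII-01.rar[Mp3_License.exe]
Virus:Trj/dmRandom.CT Disinfected C:\WINDOWS\system32\dmxsg.exe
"""

HJT_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
"""

ROW = re.compile(r"^(\w+):(\S+) (Disinfected|Not disinfected) (.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|ime)', re.I)

def parse_panda(text):
    """Return (category, name, status, location) tuples from the scan report text."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]

def hjt_paths(text):
    """Collect every file path the HijackThis log lists, lower-cased for comparison."""
    return {p.lower() for p in PATH.findall(text)}

def cross_check(panda_text, hjt_text):
    """Map each flagged on-disk path to (name, status, listed_in_hijackthis)."""
    listed = hjt_paths(hjt_text)
    result = {}
    for category, name, status, location in parse_panda(panda_text):
        if not re.match(r"[A-Za-z]:\\", location):
            continue  # "Operating system" / "Windows Registry": no file path to compare
        # Archive members look like C:\...\file.rar[member.exe]; compare the container path.
        path = location.split("[", 1)[0].lower()
        result[path] = (name, status, path in listed)
    return result

if __name__ == "__main__":
    for path, (name, status, listed) in cross_check(PANDA_REPORT, HJT_LOG).items():
        print(f"{path}: {name} ({status}), referenced by HijackThis: {listed}")
```

A result of `False` only means that no process, autorun or service entry in the log points at the file; the file can still be present on disk, which is why the scanner and the log disagree.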

0

just a note. before you scan with AVG AS 7.5 make sure that under Scanner, Settings you set recommended action to Quarantine. Do a full sys scan, and Apply recommended action.

0

Highlight these two files and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-

c:\windows\xpupdate.exe
C:\WINDOWS\system32\dmxsg.exe


Whereabouts do I find these two files? Do I do a search on my computer? And whereabouts is the clipboard? Sorry to be annoying

0

nope, ur not annoying at all. it is not easy to gauge people's familiarity with windows... some get upset if i provide too much detail in steps....
Clipboard is that generally invisible cache u use all the time... u know, for copy and paste. So just highlight those two lines in my post above [the full paths] , rclick in them and go copy. They are then in the clipboard. And then follow the instructions again. [Don't try a paste operation]
You do not need to find the files in your computer cos killbox will do that. I guess i could have been more clear if i had written "Highlight these two lines and copy them ....". But they are the paths of files.. so i called em files. Sorry for the confusion. Go to it...

0

Btw, if you wish to view the contents of the clipboard, just copy something, anything, and then go Start > run, type clipbrd and <enter>. Presto. But it's a fairly useless exercise.....

0

You should also do the following;

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log please.

0

maverick, i really would like to know if you proceeded with that method, and how you got on....

0

Sorry, I've really been buying for time as Uni has started up again. I will try when I get time. My computer has been running half fine with all the problems it has...
