I have been having some problems with loading some programs in XP Pro in that when I load Eudora, msconfig etc. the loading banner is displayed in the bottom middle of the screen instead of the centre as it used to. In the case of Eudora it hogs the window and does not allow other windows to display over its own window. I have to minimize it to see the window beneath it. I have reloaded it but no change. Some other programs also misbehave. I have done the scans etc. and msconfig diags but to no avail. Things seem to work normally in safe mode, with its inherent limitations of course. Lately IE 7 won't display even though my email is working, and it does seem to work OK in safe mode only. I have reset it etc. But something is blocking it in the normal mode (Firefox does not work either).

Many thanks for any help.

cdg

Here is the message when I check the connection, but there is no home page or any other for that matter. Very strange???

Last diagnostic run time: 06/18/07 21:34:58
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info
HTTP: Successfully connected to www.microsoft.com.
info
FTP (Passive): Successfully connected to ftp.microsoft.com.
info
HTTPS: Successfully connected to www.microsoft.com.

Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:56:55 PM, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\LightsOut\Lights Out.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe
D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
D:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
D:\Program Files\MouseLaunch\Launcher.exe
D:\Program Files\Scalogic\My Schedule\myschedule.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Quick ShutDown\qsd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\My Documents\Eudora Mail\Eudora.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Powermarks\pm.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~2\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - D:\PROGRA~1\POWERM~1\iec.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~2\fdiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - D:\PROGRA~1\POWERM~1\iec.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - D:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - d:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "d:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Lights out] D:\Program Files\LightsOut\Lights Out.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Scalogic My Schedule] D:\Program Files\Scalogic\My Schedule\myschedule.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Clipboard Recorder] "D:\Program Files\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe" -startup
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: IntelligentWakeUp.lnk = D:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
O4 - Global Startup: MouseLaunch.lnk = D:\Program Files\MouseLaunch\Launcher.exe
O4 - Global Startup: My Schedule.lnk = D:\Program Files\Scalogic\My Schedule\myschedule.exe
O4 - Global Startup: PrintScreen.lnk = C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - Global Startup: qsd.lnk = C:\Program Files\Quick ShutDown\qsd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: FreshDownload - {F0C7BFA8-F7B8-442A-A91F-EEE0E42EB87B} - D:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: eReference - {4ACF862B-61A9-441f-A743-15B8610D304B} - C:\Program Files\eRef\Ahd41.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {894B8712-11F1-48A7-899F-36D6C695D9D8} (CodeBabyObject Object) - http://service.sympatico.ca/codebaby/core/codebaby.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: intu-qt2006 - {13834D94-C631-4CD1-963D-9B5F4593B127} - D:\QuickTax 2006\QT2006\ic2006pp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: pdfFactory Pro Dispatcher v2 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /service (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

cdg, for you as user the internet start page setting is blank:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
So set a new one as home page. There are no obvious problems in your log. When I see problems such as you describe, the first thing I suspect is OS problems. If you have your M$ or OEM installation CD I suggest you run this to check the integrity of some system files:
Go start, run, type or paste:
sfc /scannow -and press Enter. Insert the CD, be available to press Enter, maybe many times as it runs. When completed it just closes, no fanfare.
If you still have problems, do these in this order and call back:
ATF Cleaner:
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
Panda Online Scan:
==Please do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
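
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. It flags the blank `Start Page` value the reply points out, and checks each `(file missing)` entry against the "Running processes" section: several services marked missing in this log are in fact running, which suggests the quoted path was mis-parsed rather than the file being absent. The sample lines are an excerpt of the log above; the function names and reason labels are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis v1.99.1 log posted in this thread (shortened).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # label chosen for this example
    line: str    # the original log line


def parse_log(text):
    """Return (set of lower-cased running process paths, list of (code, body))."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.add(line.lower())
    return processes, entries


def missing_target(body):
    """Path of an entry tagged '(file missing)', cut at a stray quote, else None."""
    if not body.endswith(MISSING):
        return None
    field = body[: -len(MISSING)].rstrip().rsplit(" - ", 1)[-1]
    # A leftover '"' marks where the quoted image path ended and arguments began.
    return field.split('"', 1)[0].strip()


def triage(text):
    """Flag blank Start Page values and classify '(file missing)' entries."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        line = f"{code} - {body}"
        key, _, value = body.partition("=")
        if code == "R0" and key.strip().endswith(",Start Page") and not value.strip():
            findings.append(Finding(code, "blank-start-page", line))
        target = missing_target(body)
        if target is None:
            continue
        # A "missing" file that is currently running is a parsing artifact,
        # not an orphaned entry; the rest are left for manual review.
        running = target.lower() in processes
        reason = "missing-but-running" if running else "missing-review"
        findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:20} {f.line}")
```
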

Many thanks for this gerbil, will do and get back. I did find that the internet issue was due to MS KB933566 IE7 update. Removing this allowed my internet access as before. For those not aware IE7 installation support from MS is free till Nov. 2007.

Really appreciate such a detailed response.

cdg

gerbil, while downloading active x module Avast intercepts it as malware Win32:CTX

http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL

Is this normal? Have aborted this scan for the time being.

thanks

cdg

Panda is safe to download, cdg. It enjoys a good reputation. Quite a number of valid tools and scanners are interpreted as suspicious because of their capabilities, but that is how they have to be. But it is wise to check each case.
Oh, by the way, I am proudly? IE7 ignorant. Totally. IE6 works for me, when I use it. Go, FF n Opera.

Thanks gerbil, sorry did not get back earlier, got sidetracked with work. OK, have included the activescan from Panda. Amazing, it found many more than Avast!. Also ran sfc /scannow and ATF cleaner, this helped with the speed of the XP too - thanks, although sfc did not seem to do anything but maybe it did help somewhere I can't tell. As you say, "no fanfare" indeed! Unfortunately, the programs are still misbehaving...

Will have to try FF again, last I used it there seemed to be some page displaying issues.

cdg

Attachments
Incident                                        Status           Location
Adware:adware/securityerror                     Not disinfected  c:\windows\system32\ot.ico
Adware:adware/safetybar                         Not disinfected  c:\documents and settings\all users\desktop\Online Security Guide.url
Adware:adware/spywarequake                      Not disinfected  c:\windows\system32\1024\ld5035.tmp
Adware:adware/beginto                           Not disinfected  c:\windows\system32\cache32_rtneg
Adware:adware/elitebar                          Not disinfected  c:\windows\EliteSideBar
Spyware:Cookie/888                              Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@888[2].txt
Spyware:Cookie/YieldManager                     Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT                        Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@atdmt[1].txt
Spyware:Cookie/Doubleclick                      Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt
Spyware:Cookie/HotLog                           Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@hotlog[2].txt
Spyware:Cookie/888                              Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@int.sitestat[1].txt
Spyware:Cookie/Cassava                          Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@int.sitestat[2].txt
Spyware:Cookie/Overture                         Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@overture[1].txt
Spyware:Cookie/SpyLog                           Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@spylog[1].txt
Spyware:Cookie/onestat.com                      Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@stat.onestat[2].txt
Spyware:Cookie/Xiti                             Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@xiti[2].txt
Spyware:Cookie/Yadro                            Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@yadro[1].txt
Spyware:Cookie/Zedo                             Not disinfected  C:\Documents and Settings\Chris\Cookies\chris@zedo[1].txt
Virus:W32/Gaobot.PIB.worm                       Disinfected      C:\WINDOWS\inf\Tse.exe
Adware:Adware/SAHAgent                          Not disinfected  C:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/SAHAgent                          Not disinfected  C:\WINDOWS\system32\hochkaod3.ini
Virus:W32/Gaobot.PIB.worm                       Disinfected      C:\WINDOWS\system32\sysinfo.exe
Adware:Adware/SAHAgent                          Not disinfected  C:\WINDOWS\system32\u6f6uftuc.ini
Potentially unwanted tool:Application/PassRock  Not disinfected  D:\My Documents\Eudora Mail\Attach\RockXP3.org
Potentially unwanted tool:Application/PassRock  Not disinfected  D:\My Documents\Eudora Mail\Attach\RockXP31.org
Virus:Generic Trojan                            Not disinfected  D:\My Documents\My Downloads\Files\ABBYY\ABBYY 8\ABBYY.FineReader.Professional.v8.0.706.Activation.FIX-TWK.rar[twkf8fix.rar][twk-fr8fixpatch.zip][twk-fr8fixpatch.exe]
Adware:Adware/WUpd                              Not disinfected  D:\My Documents\My Downloads\Files\Download Studio\wsi=30231.html

Umm... wow! cdg...
First, if the files in your cache are not corrupted sfc will not prompt you if it has to copy any over into other protected areas - it only prompts if it needs to copy from cd into the cache.
Now. Panda showed up some problems, and although it points out spyware unfortunately that scan only disinfects viruses. But now we know.
Some advice : cracks could reasonably be called that cos they are cracks which let in malware/viruses, and you collected plenty that way. Cracks... well you cannot ever know what is in them unless you submit em for a scan first. Some groups are proud of their cracks and they are clean as, others load them maliciously, others do it for profit -they are paid for the spyware content. Same with code generators - you fire em up... only the programmer knows what happens next. Risky game.
I have attached the list of real problems..... but nothing we cannot clean. Do these things in this order:
CCleaner:
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because Windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]
==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
ComboFix:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
AVG - AS:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-the link is almost at the bottom of the page, avgas 7.5.0.50. Install it and UPDATE it.
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes, press Yes to bypass System Restore.
- On the Windows Advanced Options Menu, select Safe Mode with Command Prompt and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using your account if an administrator, otherwise use the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the complete system scan.
-save the log file. Post the log file.
Combofix:
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
== Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:.. Please paste the report in your next reply. DO NOT RUN OPTION 2 YET!!!
Okay....that will keep you busy. Post those three logs.

Attachments
Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/securityerror                                                     Not disinfected               c:\windows\system32\ot.ico                                                                                                                                                                                                                                      
Adware:adware/safetybar                                                         Not disinfected               c:\documents and settings\all users\desktop\Online Security Guide.url                                                                                                                                                                                           
Adware:adware/spywarequake                                                      Not disinfected               c:\windows\system32\1024\ld5035.tmp                                                                                                                                                                                                                             
Adware:adware/beginto                                                           Not disinfected               c:\windows\system32\cache32_rtneg                                                                                                                                                                                                                               
Adware:adware/elitebar                                                          Not disinfected               c:\windows\EliteSideBar                                                                                                                                                                                                                                         
Spyware:Cookie/888                                                              Not disinfected               C:\Documents and Settings\Chris\Cookies\chris@888[2].txt                                                                                                                                                                                                        
Virus:W32/Gaobot.PIB.worm                                                       Disinfected                   C:\WINDOWS\inf\Tse.exe                                                                                                                                                                                                                                          
Adware:Adware/SAHAgent                                                          Not disinfected               C:\WINDOWS\system32\abasa5jrp.ini                                                                                                                                                                                                                               
Adware:Adware/SAHAgent                                                          Not disinfected               C:\WINDOWS\system32\hochkaod3.ini                                                                                                                                                                                                                               
Virus:W32/Gaobot.PIB.worm                                                       Disinfected                   C:\WINDOWS\system32\sysinfo.exe                                                                                                                                                                                                                                 
Adware:Adware/SAHAgent                                                          Not disinfected               C:\WINDOWS\system32\u6f6uftuc.ini                                                                                                                                                                                                                               
Potentially unwanted tool:Application/PassRock                                  Not disinfected               D:\My Documents\Eudora Mail\Attach\RockXP3.org                                                                                                                                                                                                                  
Potentially unwanted tool:Application/PassRock                                  Not disinfected               D:\My Documents\Eudora Mail\Attach\RockXP31.org                                                                                                                                                                                                                 
Virus:Generic Trojan                                                            Not disinfected               D:\My Documents\My Downloads\Files\ABBYY\ABBYY 8\ABBYY.FineReader.Professional.v8.0.706.Activation.FIX-TWK.rar[twkf8fix.rar][twk-fr8fixpatch.zip][twk-fr8fixpatch.exe]                                                                                          
Adware:Adware/WUpd                                                              Not disinfected               D:\My Documents\My Downloads\Files\Download Studio\wsi=30231.html                                                                                                                                                                                               
Virus:Malware Generic                                                           Not disinfected               D:\My Documents\My Downloads\Files\DSclock\Calendarscope.v.2.6.rar[crack\calendarscope_2_6.exe]                                                                                                                                                                 
Virus:Malware Generic                                                           Disinfected                   D:\My Documents\My Downloads\Files\DSclock\Calendarscope.v2.6.WinALL.Cracked-ARN.ZIP[Calendarscope.v2.6.WinALL.Cracked-ARN/crack/calendarscope_2_6.exe]                                                                                                         
Virus:Malware Generic                                                           Disinfected                   D:\My Documents\My Downloads\Files\DSclock\Calendarscope.v2.6.zip[Calendarscope v2.6/crack/calendarscope_2_6.exe]                                                                                                                                               
Virus:Malware Generic                                                           Disinfected                   D:\My Documents\My Downloads\Files\DSclock\calendarscopev2.6crackaggression.zip[Calendarscope.v2.6.WinALL.Cracked-ARN/crack/calendarscope_2_6.exe]                                                                                                              
Virus:Malware Generic                                                           Not disinfected               D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.rar[calendarscope_2_6.exe]                                                                                                                                                                     
Virus:Malware Generic                                                           Not disinfected               D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.Warezpost.net.rar[Calendarscope_v2.6.Warezpost.net\calendarscope_2_6.exe]                                                                                                                      
Virus:Malware Generic                                                           Not disinfected               D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[2].6.Warezpost.net.rar[Calendarscope_v2.6.Warezpost.net\calendarscope_2_6.exe]                                                                                                                      
Potentially unwanted tool:Application/MyWebSearch                               Not disinfected               D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_trial.exe[Toolbar.exe]                                                                                                                                                                          
Potentially unwanted tool:Application/MyWebSearch                               Not disinfected               D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_update.exe[Toolbar.exe]                                                                                                                                                                         
Spyware:Spyware/New                                                             Not disinfected               D:\My Documents\My Downloads\Files\RM Recorder\WarezP2P_CWS.exe                                                                                                                                                                                                 
Virus:Malware Generic                                                           Disinfected                   D:\My Documents\My Downloads\Files\Utls\Cracks\T\O\Total_Recorder_Pro_v4.1a.zip[Patcher.exe]                                                                                                                                                                    
Potentially unwanted tool:Application/PassRock                                  Not disinfected               D:\My Documents\My Downloads\Files\Utls\RockXP31.exe
0

Many thanks gerbil, after a number of reboots the sw problems now seem to have cleared up. However, I will try to follow up on your suggestions in due course to make the system squeaky clean and get back. It sure will keep me busy... Again many many thanks for all the help and knowledge you impart so graciously. On another vein, maybe you can visit my web page as I try to do the same with alternate health and energy... http://www.newmediaexplorer.org/chris/

0

Don't just try - do it. You have some real pests still at large in your sys. A dialler, a hack tool.... plus adware, spyware.

0

OK gerbil, survived your instructions; attached are the 3 reports.... Also do you know of a utility that lets you know when everything has finished loading at start up?

Many thanks

Attachments
"Administrator" - 2007-06-29 15:16:38 - ComboFix 07-06-27.7 - Service Pack 2  NTFS  [SAFE MODE]


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\nm


(((((((((((((((((((((((((   Files Created from 2007-05-28 to 2007-06-29  )))))))))))))))))))))))))))))))


2007-06-29 15:14	49,152	--a------	C:\WINDOWS\nircmd.exe
2007-06-29 12:39	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-28 23:52	53,248	--a------	C:\WINDOWS\system32\Process.exe
2007-06-28 23:52	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2007-06-28 23:52	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2007-06-25 16:05	23,600	--a------	C:\WINDOWS\system32\drivers\drhard.sys
2007-06-24 12:53	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
2007-06-18 23:16	<DIR>	d--------	C:\Program Files\RegistrySmart
2007-06-18 23:16	<DIR>	d--------	C:\DOCUME~1\Chris\APPLIC~1\RegistrySmart
2007-06-18 22:55	75,264	--a------	C:\WINDOWS\system32\unacev2.dll
2007-06-18 22:55	153,088	--a------	C:\WINDOWS\system32\UNRAR3.dll
2007-06-18 22:55	<DIR>	d--------	C:\DOCUME~1\Chris\APPLIC~1\Simply Super Software
2007-06-18 22:55	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-06-17 11:53	<DIR>	d--------	C:\Diskeeper
2007-06-17 00:10	9,175,040	--a------	C:\DOCUME~1\Chris\ntuser.dat
2007-06-16 23:54	<DIR>	d--------	C:\Program Files\Diskeeper Corporation
2007-06-16 23:54	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Diskeeper Corporation
2007-06-15 12:33	<DIR>	d--------	C:\DOCUME~1\Chris\APPLIC~1\XemiComputers
2007-06-15 12:33	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\XemiComputers
2007-06-15 11:48	<DIR>	d--------	C:\Program Files\Lavasoft
2007-06-15 11:48	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-15 00:23	494,352	--a------	C:\WINDOWS\system32\SHDOC401.DLL
2007-06-15 00:23	49,152	--a------	C:\WINDOWS\system32\ArmAccess.dll
2007-06-11 23:03	<DIR>	d--------	C:\DOCUME~1\ADMINI~1.886\APPLIC~1\Help
2007-06-11 22:42	<DIR>	d--------	C:\DOCUME~1\ADMINI~1.886\APPLIC~1\SYSTRAN
2007-06-10 22:46	<DIR>	d--------	C:\DOCUME~1\Chris\APPLIC~1\Yahoo!
2007-06-07 23:49	<DIR>	d--------	C:\DOCUME~1\Chris\APPLIC~1\wsInspector
2007-06-07 23:41	<DIR>	d-a------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-07 23:39	614,400	--a------	C:\WINDOWS\system32\ExButton.dll
2007-06-07 23:39	585,728	--a------	C:\WINDOWS\system32\ExMenu.dll
2007-06-07 23:39	507,904	--a------	C:\WINDOWS\system32\ExTab.dll
2007-06-07 23:39	307,200	--a------	C:\WINDOWS\system32\ExPMenu.dll
2007-06-07 23:39	118,784	--a------	C:\WINDOWS\system32\eWebControl.dll
2007-06-07 23:39	1,658,880	--a------	C:\WINDOWS\system32\ExGrid.dll
2007-06-07 23:39	<DIR>	d--------	C:\Program Files\Common Files\eSellerate
2007-06-07 23:39	<DIR>	d--------	C:\Program Files\AnswersThatWork
2007-06-07 23:19	<DIR>	d--------	C:\Program Files\Startup Inspector for Windows
2007-06-04 15:18	9,344	--a------	C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17	8,320	--a------	C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14	6,272	--a------	C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 18:07	<DIR>	d--------	C:\Program Files\iPod
2007-05-29 00:00	<DIR>	d--------	C:\Program Files\Debugging Tools for Windows


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 19:37:50	--------	d-----w	C:\Program Files\Trojan Remover
2007-06-27 04:29:56	--------	d-----w	C:\Program Files\Quick ShutDown
2007-06-27 04:28:35	--------	d-----w	C:\Program Files\Microsoft IntelliPoint
2007-06-27 04:25:57	--------	d-----w	C:\Program Files\Google
2007-06-27 04:25:00	--------	d-----w	C:\Program Files\eFax Messenger 4.3
2007-06-27 04:24:47	--------	d-----w	C:\Program Files\Common Files\Zinio
2007-06-15 15:46:52	--------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-06-12 03:19:48	--------	d-----w	C:\Program Files\eRef
2007-05-30 04:40:53	--------	d-----w	C:\Program Files\Security Task Manager
2007-05-25 22:24:29	--------	d-----w	C:\Program Files\ACW
2007-05-25 17:02:37	--------	d-----w	C:\Program Files\SanDisk
2007-05-25 17:02:36	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-05-18 20:50:35	--------	d-----w	C:\DOCUME~1\ADMINI~1.886\APPLIC~1\Powermarks
2007-05-18 20:47:11	--------	d-----w	C:\DOCUME~1\ADMINI~1.886\APPLIC~1\Talkback
2007-05-18 19:59:11	--------	d-----w	C:\DOCUME~1\ADMINI~1.886\APPLIC~1\Uniblue
2007-05-18 19:56:41	--------	d-----w	C:\DOCUME~1\ADMINI~1.886\APPLIC~1\Lavasoft
2007-05-16 15:12:02	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-03 03:48:49	--------	d-----w	C:\Program Files\Zinio
2007-04-25 14:21:15	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2007-04-17 02:43:40	208,248	----a-w	C:\WINDOWS\system32\muweb.dll
2007-04-13 19:19:52	7,680	----a-w	C:\WINDOWS\system32\lsdelete.exe
2007-04-08 04:20:32	8	----a-w	C:\DFIMB.DAT


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-05-30 17:18]
{206E52E0-D52E-11D4-AD54-0000E86C26F6}=D:\PROGRA~1\FRESHD~1\FRESHD~2\fdcatch.dll [2006-01-25 10:05]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{6172E460-FAE3-11D2-B494-004005A47AAA}=D:\PROGRA~1\POWERM~1\iec.dll [2002-12-01 20:59]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-26 00:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 19:00]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 12:06]
"Lights out"="D:\Program Files\LightsOut\Lights Out.exe" [2004-04-27 22:51]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-12-17 16:51]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 13:28]
"ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [2007-01-15 13:28]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-06-15 17:00]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-06-07 12:38]
"Scalogic My Schedule"="D:\Program Files\Scalogic\My Schedule\myschedule.exe" [2005-12-28 12:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 00:07]
"Clipboard Recorder"="D:\Program Files\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe" [2006-12-14 14:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="D:\My Documents\Eudora Mail\EuShlExt.dll" [2006-08-17 15:57]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Program Files\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Program Files\NetMeter\NetMeter.exe]
D:\Program Files\NetMeter\NetMeter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Clipboard Box"=D:\Program Files\Clipboard Box\clipboardbox.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\shellrun.exe index.doc


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static
msiexec /fums {3CBBEE47-C8F4-

SmitFraudFix v2.197

Scan done at 16:01:59.60, 2007-06-29
Run from C:\DOCUME~1\Chris\LOCALS~1\Temp\_tc0\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

 Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
D:\Program Files\LightsOut\Lights Out.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
D:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
D:\Program Files\MouseLaunch\Launcher.exe
D:\Program Files\Scalogic\My Schedule\myschedule.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Quick ShutDown\qsd.exe
C:\WINDOWS\system32\notepad.exe
D:\My Documents\Eudora Mail\Eudora.exe
D:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\cmd.exe

 hosts


 C:\


 C:\WINDOWS


 C:\WINDOWS\system


 C:\WINDOWS\Web


 C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

 C:\WINDOWS\system32\LogFiles


 C:\Documents and Settings\Chris


 C:\Documents and Settings\Chris\Application Data


 Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

 C:\DOCUME~1\Chris\FAVORI~1

C:\DOCUME~1\Chris\FAVORI~1\Antivirus Test Online.url FOUND !

 Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

 C:\Program Files 


 Corrupted keys


 Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"



 AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


 Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


 Rustock



 DNS

Description: NVIDIA nForce Networking Controller #2
DNS Server Search Order: 192.168.0.1

Description: NVIDIA nForce Networking Controller #2
DNS Server Search Order: 207.164.234.193
DNS Server Search Order: 206.47.244.137

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BD25C877-2526-4197-9B6E-CCD4E6DA8F42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDB237C2-5A6D-4BF9-AE6C-6A7AD79B76E6}: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AE9EB9F-240D-4098-BA9F-C1DE97F386B1}: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BD25C877-2526-4197-9B6E-CCD4E6DA8F42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BD25C877-2526-4197-9B6E-CCD4E6DA8F42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDB237C2-5A6D-4BF9-AE6C-6A7AD79B76E6}: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137


 Scanning for wininet.dll infection


 End
0

Hi, cdg.... you survived, huh? Good practice though, cos you missed one very important lil piece of the instructions... Work through this and we'll catch it up.
==Run the clean option with smitfraudfix:-
- Check that a Restore point has been made.
- Go into safe mode.
- Start Smitfraudfix as before and press 2, Enter.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected - if it is, you will be prompted to replace the file; type Y and press "Enter".
Restart in safe mode.
==Good-oh, now for the bit you missed: "-under Scanner/ Settings please set Recommended actions to Quarantine," it IS important, that bit, cos otherwise all AVG does is look and report. So....
Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to QUARANTINE!!!!!, and run the complete system scan.
-save the log file. Post the log file, and that Smitfraudfix log.
Heh.... and no, I don't know of such a utility....

0

Many thanks again gerbil, sorry could not respond earlier - was away (long wkd in Canada). Will do per your instructions and send the logs soon.

0

Hi gerbil, here are the files you requested. Apparently, when I ran AVG last time I did not run the action button, then the report does not show the quarantined items it seems???

Thanks again.

cdg

Attachments
SmitFraudFix v2.197

Scan done at 13:06:14.00, 2007-07-04
Run from C:\DOCUME~1\ADMINI~1.886\LOCALS~1\Temp\_tc0\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

 SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"


 Killing process


 hosts

127.0.0.1       localhost

 Generic Renos Fix

GenericRenosFix by S!Ri


 Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted

 DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BD25C877-2526-4197-9B6E-CCD4E6DA8F42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDB237C2-5A6D-4BF9-AE6C-6A7AD79B76E6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AE9EB9F-240D-4098-BA9F-C1DE97F386B1}: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BD25C877-2526-4197-9B6E-CCD4E6DA8F42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BD25C877-2526-4197-9B6E-CCD4E6DA8F42}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDB237C2-5A6D-4BF9-AE6C-6A7AD79B76E6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


 Deleting Temp Files


 Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


 Registry Cleaning
 
Registry Cleaning done. 
 
 SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


 End
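A quick cross-check of the scan log against the clean log, as an added example that is not part of the original thread or of SmitFraudFix: it lists paths the search flagged with `FOUND !` that the fix run does not report as `Deleted`, and `DhcpNameServer` values that differ between the two logs. The embedded lines are excerpts copied from the two logs posted above; the function names are assumptions of this example.

```python
import re

# Excerpts from the two SmitFraudFix logs posted in this thread (not the full logs).
SCAN_LOG = r"""
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\Chris\FAVORI~1\Antivirus Test Online.url FOUND !
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137
"""
FIX_LOG = r"""
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.164.234.193 206.47.244.137
"""

ITEM_RE = re.compile(r"^([A-Za-z]:\\.*?)\s+(FOUND !|Deleted)\s*$")
DNS_RE = re.compile(r"^(HKLM\\.+?):\s*DhcpNameServer=(.*)$")


def parse(log):
    """Return (flagged paths grouped by status, DNS servers by registry key) for one log."""
    items = {"FOUND !": set(), "Deleted": set()}
    dns = {}
    for line in map(str.strip, log.splitlines()):
        item, dns_line = ITEM_RE.match(line), DNS_RE.match(line)
        if item:  # paths are lower-cased because Windows paths are case-insensitive
            items[item.group(2)].add(item.group(1).lower())
        elif dns_line:
            dns[dns_line.group(1)] = tuple(dns_line.group(2).split())
    return items, dns


def review(scan_log, fix_log):
    """List paths found but not reported deleted, and DNS keys whose value changed."""
    scan_items, scan_dns = parse(scan_log)
    fix_items, fix_dns = parse(fix_log)
    not_deleted = sorted(scan_items["FOUND !"] - fix_items["Deleted"])
    dns_changed = {k: (scan_dns[k], fix_dns[k])
                   for k in scan_dns.keys() & fix_dns.keys() if scan_dns[k] != fix_dns[k]}
    return not_deleted, dns_changed


if __name__ == "__main__":
    print(review(SCAN_LOG, FIX_LOG))
```

On these excerpts it reports the Favorites shortcut as flagged but absent from the deleted-files list, and the CCS `Parameters` name server value as changed between the two runs.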
0

Sooo many people miss the advice to set recommended actions to Quarantine.... and yeah, if you don't, all AVG does is look.
Okay. Crack tools.... some you have are infected, others are just detected as infected but are non-harmful. I think some software manufs deliberately put out bad cracks, keygens, other groups do it for profit - they sell the adware space.... a few are proud of what they do and are genuinely clean. If you must use them, scan them first, then run them in a sandboxed environment.
You may wish to remove from quarantine some of those - I am not advising cos pretty much if AVG put them in there, they're bad.
D:\Program Files\Tweak-XP Pro 4\tweak-xp.exe : restore this one from quarantine.... and delete the remainder.

Now search for these files, folders and delete them:

c:\windows\system32\1024
c:\windows\system32\cache32_rtneg
c:\windows\EliteSideBar
E:\ION bu
D:\My Documents\My Zinio Library
D:\My Documents\work - you may wish to check contents of this one first, but it did have malware in it...
And delete all of these too [paying attention to notes on last few]:

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@888[2].txt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\hochkaod3.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\u6f6uftuc.ini
Adware:Adware/WUpd Not disinfected D:\My Documents\My Downloads\Files\Download Studio\wsi=30231.html
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope.v.2.6.rar[crack\calendarscope_2_6.exe]
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.rar[calendarscope_2_6.exe]
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.Warezpost.net.rar[Calendarscope_v2.6.Warezpost.net\calendarscope_2_6.exe]
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[2].6.Warezpost.net.rar[Calendarscope_v2.6.Warezpost.net\calendarscope_2_6.exe]
Spyware:Spyware/New Not disinfected D:\My Documents\My Downloads\Files\RM Recorder\WarezP2P_CWS.exe
Adware:Adware/Aureate-Radiate Not disinfected E:\ION bu\Work backup\N110294\Files.zip[Files/aarfree1.zip][SETUP.EXE]
Dialer:Dialer.JYO Not disinfected E:\ION bu\Work backup\N110294\gc.zip[gc/Serials 2000/s2k_060102.zip][Handy.exe]
Adware:Adware/SAHAgent Not disinfected G:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/SAHAgent Not disinfected G:\WINDOWS\system32\hochkaod3.ini
Adware:Adware/SAHAgent Not disinfected G:\WINDOWS\system32\u6f6uftuc.ini

==These two I do not know.. so I leave them up to you [they are valid Nero dls, but I don't know why they are shown as containing MyWebSearch which is a guaranteed pest]:
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_trial.exe[Toolbar.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_update.exe[Toolbar.exe]
...and removing this one may break "your" ABBYY :)
Virus:Generic Trojan Not disinfected D:\My Documents\My Downloads\Files\ABBYY\ABBYY 8\ABBYY.FineReader.Professional.v8.0.706.Activation.FIX-TWK.rar[twkf8fix.rar][twk-fr8fixpatch.zip][twk-fr8fixpatch.exe]

Okay... now run CCleaner again, then Panda and lastly AVG. We shall see what is left. Some comments on your sys would be nice...

0

Ah, thanks, cdg, it's so long since AVG AS picked up anything in my sys that I am starting to forget how it works with its log and actions! So you did have it set to quarantine, but because you did not press Apply all Actions it did not reflect that in the log.
Missed this bit - you should do this before you repeat those scans.
System Restore Points Clearance:
==You MUST clear all your system restore points because some have been infected.... AVG may have cleaned them, but we cannot be sure it found everything. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.

0

Hi gerbil, have been tied up to my ying yang, tried sending you info on my system but keep getting BSOD when I try to print or save the file. The error is something like: Stop: 0x000000C4 (0x00000081, 0x86B17760, 0x00000082, 0x00000000). Will try to sort it out and send in due course... Again, many thanks.

0

Thanks gerbil, will get back soon hopefully.
