Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Barry

Pages: [1]

Tech Clinic / about blank

« on: May 31, 2005, 05:10:08 PM »

Guestolo sorry about the delay.

You are a Prince among men, nay a king.

as you may have guessed it seems to have worked.

Below are the various scans you wanted.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         22:22:50, 31/05/2005
+ Report-Checksum:      F767678

+ Date of database:      31/05/2005
+ Version of scan engine:   v3.0

+ Duration:            29 min
+ Scanned Files:         54581
+ Speed:            30.66 Files/Second
+ Infected files:         69
+ Removed files:         69
+ Files put in quarantine:      69
+ Files that could not be opened:   0
+ Files that could not be cleaned:   0

+ Binder:      Yes
+ Crypter:      Yes
+ Archives:      Yes

+ Scanned items:
   C:\
   D:\

+ Scan result:
   C:\Documents and Settings\Owner\Desktop\backups\backup-20030526-194702-322.dll -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\Documents and Settings\Owner\Desktop\backups\backup-20030526-194702-339.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\Program Files\180Solutions\sais.exe -> Spyware.180Solutions -> Cleaned with backup
   C:\Program Files\180Solutions\saishook.dll -> Spyware.180solutions -> Cleaned with backup
   C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\Program Files\Common Files\WinTools\WSup.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\Program Files\Common Files\WinTools\WToolsA.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\Program Files\Common Files\WinTools\WToolsB.dll -> Spyware.Wintol.y -> Cleaned with backup
   C:\Program Files\Common Files\WinTools\WToolsS.exe -> TrojanDownloader.Wintool.f -> Cleaned with backup
   C:\Program Files\Internet Explorer\gckkomsf.exe -> Trojan.LowZones -> Cleaned with backup
   C:\Program Files\Internet Optimizer\optimize.exe -> TrojanDownloader.Dyfuca -> Cleaned with backup
   C:\Program Files\ISTbar\istbarcm.dll -> TrojanDownloader.IstBar.ik -> Cleaned with backup
   C:\Program Files\ISTsvc\istsvc.exe -> TrojanDownloader.IstBar -> Cleaned with backup
   C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD.ag -> Cleaned with backup
   C:\Program Files\Media Access\MediaAccess.exe -> Spyware.WinAD.am -> Cleaned with backup
   C:\Program Files\Media Access\MediaAccK.exe -> Spyware.WinAD -> Cleaned with backup
   C:\Program Files\Power Scan\powerscan.exe -> Spyware.PowerScan.d -> Cleaned with backup
   C:\Program Files\Power Scan\uninstall.exe -> TrojanDownloader.IstBar.gi -> Cleaned with backup
   C:\Program Files\SideFind\sfbho.dll -> Spyware.SideFind -> Cleaned with backup
   C:\Program Files\SideFind\update\sidefind.exe -> TrojanDownloader.IstBar.jm -> Cleaned with backup
   C:\Program Files\Toolbar\common.dll -> Spyware.WebSearch.aj -> Cleaned with backup
   C:\Program Files\Toolbar\gykhxlmu.rmr -> Spyware.IBISToolbar -> Cleaned with backup
   C:\Program Files\Toolbar\IExploreSkins.exe -> Spyware.Websearch -> Cleaned with backup
   C:\Program Files\Toolbar\PIB.exe -> Spyware.WebSearch.aj -> Cleaned with backup
   C:\Program Files\Toolbar\radio.exe -> Spyware.WebSearch -> Cleaned with backup
   C:\Program Files\Toolbar\TBPS.exe -> Spyware.WebSearch.aj -> Cleaned with backup
   C:\Program Files\Toolbar\toolbar.dll -> Spyware.WebSearch -> Cleaned with backup
   C:\Program Files\Toolbar\xlmurin.wzg -> Spyware.IBISToolbar -> Cleaned with backup
   C:\web.exe -> Trojan.LowZones -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\gckkomsf.exe -> Trojan.LowZones -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\istactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\lkir8l2gm_.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\MediaAccX.dll -> Spyware.WinAD -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
   C:\WINDOWS\dyh.exe -> Spyware.180solutions -> Cleaned with backup
   C:\WINDOWS\nem220.dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
   C:\WINDOWS\remeariq.exe -> TrojanDownloader.IstBar.ij -> Cleaned with backup
   C:\WINDOWS\system\BHOmod.dll -> TrojanDownloader.Agent.li -> Cleaned with backup
   C:\WINDOWS\system\Loader.dll -> TrojanDownloader.Agent.li -> Cleaned with backup
   C:\WINDOWS\system32\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\WINDOWS\system32\exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\exdl0.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\exdl2.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\exul2.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
   C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.ExactSearchBar -> Cleaned with backup
   C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\WINDOWS\system32\msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\WINDOWS\system32\msxct.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\WINDOWS\system32\trkgif.exe -> Spyware.Winpup32 -> Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 22:39:42, on 31/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {16AD0894-098E-2C4B-06A0-092A6EFD2775} - http://205.252.161.238/1/gdnUS1878.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

(5/31/05 22:28:41) SPSeHjFix started v1.1.2
(5/31/05 22:28:41) OS: WinXP Service Pack 1 (5.1.2600)
(5/31/05 22:28:41) Language: english
(5/31/05 22:28:41) Win-Path: C:\WINDOWS
(5/31/05 22:28:41) System-Path: C:\WINDOWS\System32
(5/31/05 22:28:41) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(5/31/05 22:28:48) Disinfection started
(5/31/05 22:28:48) Bad-Dll(IEP): (not found)
(5/31/05 22:28:48) Bad-Dll(IEP) in BHO: (not found)
(5/31/05 22:28:48) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\kihj.dll
(5/31/05 22:28:48) Searchassistant Uninstaller - Keys Deleted
(5/31/05 22:28:48) UBF: 7 - UBB: 6 - UBR: 16
(5/31/05 22:28:48) UBF: 7 - UBB: 6 - UBR: 16
(5/31/05 22:28:48) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

Thanks again.

Tech Clinic / about blank

« on: May 29, 2005, 11:52:39 AM »

It will probably be tomorrow before i see him.

i will install firefox on his machine or i will try anyway.

I will attempt to download it and whatever else i need on his computer, although he only has dial up so can be a bit slow.

once i've installed Firefox what do i need to do then.

Tech Clinic / about blank

« on: May 29, 2005, 05:48:55 AM »

Thanks Guestolo

and yes i do need help:)

I have just checked for those programs and none are present, although there was one that looked odd
@programasukgb
i have removed this now
Spybot info is
version 1.3. - no update
Adaware is
IR200 12.07.2003
Build 6.181

Get 2 Log
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=dword:00000000
"NoDispBackgroundPage"=dword:00000001
"NoDispAppearancePage"=dword:00000001
"Wallpaper"="c:\\wp.bmp"

Hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 11:31:17, on 29/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\atiupdpl.exe
C:\WINDOWS\System32\gclib.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

if i take a while to reply it is because i am having to run between computers to do this as it is a friends computer i am trying to fix.

Tech Clinic / about blank

« on: May 28, 2005, 03:56:57 AM »

Bump

Tech Clinic / about blank

« on: May 27, 2005, 03:11:59 AM »

I use AOL and my computer come up with a C++ runtime error as soon as i go online.

My screen background has turned blue and says "A fatal error in IE has occured at 0028:c0011e36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c" in the middle of the screen.

My default page has become about blank.

i have tried running cwshredder spybot and adaware, as well as running hijackthis and trying to remove all references to about blank
Unfortunately i have failed.

I would therefore be very grateful for any help that can be given. Below is my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 20:38:06, on 26/05/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\atiupdpl.exe
C:\WINDOWS\System32\gclib.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 7.0\wEmail Removedexe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/spage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [@programasukgb-htm] RunDll32 UDConn.dll,RunAsIcon @programasukgb
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NavRegReminder] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"
O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F44C866E-2DF8-48B9-BC63-D9D13DE1F3EB} - C:\WINDOWS\System32\wldr.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C311699F-E773-4FB3-B202-40D38CDCE887}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - Barry

Tech Clinic / about blank

Tech Clinic / about blank

Tech Clinic / about blank

Tech Clinic / about blank

Tech Clinic / about blank