7 Posts
0
695
March 1st, 2007 13:00
Desktop changed....need help removing virus
My computer is infected. My desktop has changed and there are lots of pop ups. Can someone tell me step by step what to do. Here is my HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:15:11 AM, on 3/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc_32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\mzanynyp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34CE5~1\Bar888.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34CE5~1\Bar888.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [dmnst.exe] C:\WINDOWS\System32\dmnst.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [pxtqrqd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pxtqrqd.dll,lvdgctb
O4 - HKLM\..\Run: [dmdwa.exe] C:\WINDOWS\System32\dmdwa.exe
O4 - HKLM\..\Run: [pdvyeng.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKLM\..\Run: [Alexa bridge] C:\WINDOWS\System32\mzanynyp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: .protected
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154116576700
O20 - Winlogon Notify: p4reg - C:\WINDOWS\SYSTEM32\p432.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe


1972vet
3.3K Posts
0
March 1st, 2007 15:00
While I'm studying your log, do this:
Please go HERE (Microsoft website) using Internet Explorer (NOT Firefox or any other browser as they won't work)
1972vet
3.3K Posts
0
March 1st, 2007 15:00
Please download FixWareout from one of these sites:
Subratam
Bleepingcomputer
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads please copy the text that will open (report.txt) and save it to your Desktop. I will ask you to post that .txt file back here.
Please uninstall the following software:
MyWebSearch
Click-->Start-->Control Panel-->Add/Remove Programs
Scroll down the list to locate the program name "MyWebSearch" and click Remove. When the uninstall completes, reboot the computer.
Your Java application is out of date and causes a slight security risk as a result.
Please follow these steps to remove older version Java components
1. Close any open programs you may have running, especially your web browser.
2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread:
Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.
3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.
4. Navigate to and delete:
- C:\Program Files\Java = this folder if found
5. Then go to this page. Scroll down to where it says "Java Runtime Environment (JRE) 6
The Java SE Runtime Environment (JRE) allows end-users to run Java applications." and click the "Download" button to the right.
6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on the executable to install the newest version. Reboot when the installation completes.
Please download the KILLBOX, extract it to your desktop.
DO NOTHING ELSE WITH IT YET
Read here how to unzip/extract properly.
Let's make sure you have your on board AVG Anti-Spyware application configured for the best scan recommendations:
Launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
Once the updates are installed do the following:
Click on the "Scanner" button and choose the "Settings" tab.
Close the application and reboot the computer into Safe mode. Once in safe mode continue with the instructions below:
Open the AVG Anti-Spyware application and click the "Scan" tab.
Click "Complete System Scan" to start.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
- Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
- If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine. IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
Exit AVG Anti-Spyware when done.
Open killbox.exe. First click on Tools-->Delete Temp Files. A box will open with a list of all user profiles.
Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.
Temporary Internet Files
Temp Files
XP Prefetch
If you want to clean your cookies, history, and list of recent files run you may check those boxes as well. Next, click on the Button titled "Delete Selected Temp Files".
Exit by clicking the Button titled "Exit(Save Settings)".
Once back into the main killbox program, check the box Delete on Reboot.
Highlight the entries in Bold text below and then copy them.
C:\WINDOWS\System32\msdtc_32.exe
C:\WINDOWS\System32\mzanynyp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\dmnst.exe
C:\WINDOWS\System32\dmdwa.exe
C:\WINDOWS\System32\pxtqrqd.dll
C:\WINDOWS\System32\pdvyeng.dll
C:\WINDOWS\SYSTEM32\p432.dll
C:\WINDOWS\SYSTEM32\PLSRemote.exe
Then in killbox click File-->Paste from Clipboard. Click the "All Files" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.
A second message will ask to Reboot now? you will need to click No for now.
Note: Killbox will let you know if a file does not exist. You should receive at least two of these as the files should have been removed already from your Wareout scan.
If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until you've completed the instructions below.
Please run HijackThis again and check the following:
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34CE5~1\Bar888.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34CE5~1\Bar888.dll
O4 - HKLM\..\Run: C:\WINDOWS\System32\dmnst.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pxtqrqd.dll,lvdgctb
O4 - HKLM\..\Run: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pdvyeng.dll,drjbxce
O4 - HKLM\..\Run: C:\WINDOWS\System32\dmdwa.exe
O20 - Winlogon Notify: p4reg - C:\WINDOWS\SYSTEM32\p432.dll
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
Close all windows now except for the hijackthis application window, then click the Fix Checked button.
Boot back to your normal windows user mode and post the following:
Windows Validation info
report.txt from your FixWareout Scan.
AVG Anti-Spyware scan log
Fresh HijackThis log
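A first-pass triage of a HijackThis log like the one in this thread, as an added example that is not part of any post and is not HijackThis's own logic. The three heuristics (registrations ending in `(no file)` or `(file missing)`, a Run value named after its own binary, a Run value that starts a DLL through rundll32) are assumptions chosen for illustration and only mark lines for an analyst to review; the sample lines are copied from the log in the first post.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")
Finding = namedtuple("Finding", "entry reasons")

# HijackThis item line: "<section code> - <kind>: <detail>"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
# O4 registry autostart detail: "[value name] command line"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# rundll32 invocation: rundll32[.exe] <dll path>,<export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,\s*(?P<export>\w+)', re.I)

# Sample lines copied from the log in the first post of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\mzanynyp.exe
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [dmnst.exe] C:\WINDOWS\System32\dmnst.exe
O4 - HKLM\..\Run: [pxtqrqd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\pxtqrqd.dll,lvdgctb
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: .protected
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


def parse_log(text):
    """Return the item lines of a HijackThis log as Entry tuples.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["kind"], m["detail"]))
    return entries


def rundll32_target(cmd):
    """Return (dll_path, export) if cmd starts a DLL through rundll32, else None."""
    m = RUNDLL_RE.search(cmd)
    return (m["dll"], m["export"]) if m else None


def triage(entry):
    """Return the review reasons for one entry (empty list means nothing flagged)."""
    reasons = []
    detail = entry.detail
    # Heuristic 1 (assumption): the registration outlived the file it points to.
    if entry.code in ("O2", "O3", "O9") and detail.endswith("(no file)"):
        reasons.append("registration points at no file")
    if entry.code == "O23" and detail.endswith("(file missing)"):
        reasons.append("service binary is missing")
    if entry.code == "O4":
        m = RUN_RE.match(detail)
        if m:
            name, cmd = m["name"].lower(), m["cmd"]
            # Heuristic 2 (assumption): the value name is just the file name
            # of the binary it starts, e.g. [dmnst.exe] ...\dmnst.exe
            if name.endswith((".exe", ".dll")) and ("\\" + name) in cmd.lower():
                reasons.append("Run value is named after its own binary")
            # Heuristic 3 (assumption): a DLL is started at logon via rundll32.
            target = rundll32_target(cmd)
            if target:
                reasons.append("rundll32 starts %s (export %s)" % target)
    return reasons


def triage_log(text):
    """Parse a log and return a Finding for every entry with at least one reason."""
    findings = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("%-3s %s" % (f.entry.code, f.entry.detail))
        for reason in f.reasons:
            print("      review: " + reason)
```
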
tfin1212
7 Posts
0
March 2nd, 2007 01:00
Post this report in the forums please
...
»»»»»Prerun check
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"pdvyeng.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\pdvyeng.dll,drjbxce"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Key"="C:\\DOCUME~1\\owner\\LOCALS~1\\Temp\\AA.tmp"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"Uahe"="\"C:\\DOCUME~1\\owner\\MYDOCU~1\\MANTEC~1\\winspool.exe\" -vt yazb"
"Cmmls"="\"C:\\Documents and Settings\\owner\\Application Data\\??crosoft\\??ool32.exe\" 99001122"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
1972vet
3.3K Posts
0
March 2nd, 2007 01:00
While I'm studying your log, do this:
Please go HERE (Microsoft website) using Internet Explorer (NOT Firefox or any other browser as they won't work)
...also, please answer "Is there any particular reason why you haven't patched your version of Windows?" and please post the AVG Anti-Spyware scan log and a fresh HijackThis log.
tfin1212
7 Posts
0
March 3rd, 2007 00:00
Here is the AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:33:17 AM 3/2/2007
+ Scan result:
C:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe -> Adware.Beginto : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1 -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\laifu.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{34CE5F6C-05D7-1033-1107-030309090001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareSheriff_is1 -> Adware.SpywareSheriff : Cleaned with backup (quarantined).
C:\!KillBox\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\!KillBox\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\!KillBox\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\repairs302972985.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\tskmgr.exe -> Downloader.Agent.bdr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\csaah.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
C:\Program Files\hijackthis\backups\backup-20070301-101021-323.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pdvyeng.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sciekad.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\0345caf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\233c3ed6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\3eb78af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\4dd0eaf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\5081b6f6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\5db79af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\692d8af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\72d6aaf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\75fb7af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\80c0b6f6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\9fa79af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\bd2afbf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\bdf49af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\c05c8af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\c2dcaaf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\d68ca3f6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\ed449ff6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\fde6aaf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\0e2008f6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\0efc8af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\173441e6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\30db2af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\38a0aaf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\45549fe6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\48957af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\6e4c8af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\7e183af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\8a15dae6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\a6b98af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\ccfc8af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\d03818c6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\e181faf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\e2861bf6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\eda89af6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\ee2008f6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\f69741e6.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\WINDOWS\adsldpbm.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkd1q1.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP1\A0000006.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\z15.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\Program Files\hijackthis\backups\backup-20061119-215612-927.dll -> Downloader.Small.ddx : Cleaned with backup (quarantined).
C:\Program Files\hijackthis\backups\backup-20061121-171436-298.dll -> Downloader.Small.ddx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xpd1DB9E3.dll -> Downloader.Small.ddx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xpd20C2BF.dll -> Downloader.Small.ddx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xpd8F5EC.dll -> Downloader.Small.ddx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkd1q6.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkd1q7.exe -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxg6ame4.exe -> Downloader.Small.dzd : Cleaned with backup (quarantined).
C:\Program Files\Common Files\ffmu\ffmud\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Temp\Temporary Internet Files\Content.IE5\G3658BED\1_z[1].html -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\27U3A1ER\1_z[1].html -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Temporary Internet Files\Content.IE5\CVCHI561\if_z[1].html -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Temporary Internet Files\Content.IE5\ED78P432\1_z[1].html -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\p432.dll -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup (quarantined).
C:\vbsys2.dll -> Hijacker.Agent.ac : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\hijackthis\backups\backup-20070301-101021-348.dll -> Logger.BZub.hg : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\_ibm00005.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Cookies\trent sr@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@cz11.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Trent Sr\Cookies\trent sr@programs.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun13.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun13.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\mstD6.tmp -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dial23_exe.vir -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe -> Trojan.Durvil : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\~ds39990.tmp -> Trojan.Durvil : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe -> Trojan.Durvil : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\~ds39990.tmp -> Trojan.Durvil : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aspi1989311.exe -> Trojan.LdPinch.sh : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\1a2faaf6.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Monica\Local Settings\Application Data\b3c79af6.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Trent Sr\Local Settings\Application Data\f58e2af6.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\b3duZXI\vaxRtrK.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxga8me6.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsintit.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun4.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kernels88.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxg4am1et2.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun15.exe -> Worm.Zhelatin.as : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun15.exe -> Worm.Zhelatin.as : Cleaned with backup (quarantined).
::Report end
tfin1212
7 Posts
0
March 3rd, 2007 00:00
Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:25:23 PM, on 3/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\hijackthis\HijackThis.exe
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: .protected
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: p4reg - p432.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
tfin1212
7 Posts
0
March 3rd, 2007 00:00
The Windows Validation Assistant requires you to be running Windows XP or Windows Server 2003. The Windows Validation Assistant also must be run in Internet Explorer.
Since you are unable to run the Windows Validation Assistant, you may visually determine whether your operating system is genuine in the next section.
No, there's no particular reason. I didn't know I needed to patch my version.
1972vet
3.3K Posts
0
March 3rd, 2007 00:00
The Windows Validation Assistant requires you to be running Windows XP or Windows Server 2003. The Windows Validation Assistant also must be run in Internet Explorer...
We cannot continue until you get past this part. The information you posted from the above quote indicates that you need either Windows XP (which you DO have) or Windows Server 2003 to run the Windows Validation Assistant. Since you meet those criteria, the only possibility for the "You are unable to run the Windows Validation Assistant" is because you didn't use Internet Explorer as it instructs here:
"...using Internet Explorer (NOT Firefox or any other browser as they won't work)".
So please return to the Windows validation site using Internet Explorer, run the tool, and post the results back here.
tfin1212
7 Posts
0
March 3rd, 2007 01:00
1972vet
3.3K Posts
0
March 3rd, 2007 15:00
Specifically, this paragraph (about three quarters of the way down the page) mentions what to do:
I get the following error: "Windows Validation Assistant failed to run properly on the machine."
Please check that the Windows Validation Assistant component has been downloaded properly. You will also get this error message if you click No when prompted to install the Windows Validation Assistant component.
Please post back your results. Thanks!