No, I'm able to get into safe mode, just can't get explorer to start up. I still did everything that needed doing, and it gave me errors in cleaning, as shown in the log above.
Let's run a couple other tools...
____________________________________________________
Step 1.
==========
- Download, install, set up, and run Spybot S&D 1.4 per the instructions found here
(Note: If you already have Spybot make sure it is updated to the latest version and definitions, set up per the instructions in the link, and re-run)
Step 2.
==========
- Run Kaspersky Free Online Virus Scanner from here
- Click the Kaspersky Online Scanner button
- A new window will appear. Click the "Accept" button
(Note: Heed the warning message in the window)
- It will want to download an ActiveX component it requires to run. Allow it! You may be taken back to the first window...just click the "Accept" button again
- It will start installing the ActiveX component. After the ActiveX is installed it will install the Antivirus Databases it requires
(Note: This will take a few minutes)
- Once the "Databases" have been downloaded click the "Next =>" button
- Click on "My Computer" and the scan will begin
- When the scan is done you will be presented with some "Save as" buttons. Please select\click "Save as Text" and save the log to a convenient location such as your Desktop
- Post the log back in your next reply
Step 3.
==========
Run Panda's online virus scan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply
Step 4.
==========
- Post back a fresh new HijackThis log
- Post back Kaspersky scan log
- Post back Panda ActiveScan log

Could you also generate a "StartupList" and an "Uninstall list"...
- Run HijackThis and click on the Config... button
- Click on the Misc Tools button
- Click on Open Uninstall Manager and click on Save List - Save the uninstall_list.txt to your Desktop
- Open this file in Notepad and copy/paste the content in your reply.
- Click the Back button (the one located at the right side of the Save List button)
- Put a checkmark in List also minor sections and List empty sections
- Click on Generate StartupList log, answer Yes and copy/paste the content in your reply.
dobhar
1.1K Posts
0
October 27th, 2005 22:00
Welcome to the forum. My name is dobhar and I will be looking over your log. Please give me some time to go look it over and I will post back as soon as possible. If you have any questions please post back as a reply to this Thread\Topic and I will be advised by email so I can return and help you. Please do not start another Thread\Topic.
Thank You,
dobhar
1.1K Posts
0
October 28th, 2005 03:00
Sorry for the delay...got paged and had to work...
Let's get to it...
_________________________________________________________________________________
Please print out or copy these instructions\tutorials to Notepad as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
________________________________________________________________________________
Step 1.
==========
Please download and install CCleaner from http://www.ccleaner.com/download124.asp
(Note: DO NOT run this program yet)
Step 2.
==========
Please download VundoFix.exe from http://www.atribune.org/downloads/VundoFix.exe to your desktop.
- Double-click VundoFix.exe to extract the files...This will create a VundoFix folder on your desktop.
- After the files are extracted, please reboot your computer into Safe Mode.
Step 3.
==========
- Reboot computer into "Safe Mode" using the F8 method:
- As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
- Use the arrow keys to select the Safe Mode menu item
(Note: For additional help in booting into Safe Mode, see the following site - http://www.pchell.com/support/safemode.shtml)
Step 4.
==========
We need to make sure all Hidden Files are showing so please:
* Open "My Computer" then click on "Tools" and from the drop down menu select "Folder Options".
* Select the "View" tab.
* Under the "Hidden files and folders" heading SELECT "Show hidden files and folders".
* UNCHECK the "Hide file extensions for known types" option.
* Click "Yes" to confirm.
* Click "OK"
Step 5.
==========
- Open the VundoFix folder on your Desktop
- Double-click on KillVundo.bat to run it
- You will first be presented with a warning. It should look like this:
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
- At this point press enter one time.
- Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter:
-At this point please type the following file path (Note: make sure to enter it exactly as below!):
D:\WINDOWS\system32\pmnnm.dll
- Press Enter to continue with the fix.
- Next you will see:
Please type in the second filepath as instructed by the forum
staff then press enter:
- At this point please type the following file path (Note: make sure to enter it exactly as below!):
D:\WINDOWS\system32\mnnmp.*
- Press Enter to continue with the fix.
- The fix will run then HijackThis will open...
- Select\check the following entries below, Double-check to make sure that only these entries are checked...
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - D:\WINDOWS\system32\pmnnm.dll
O20 - Winlogon Notify: pmnnm - D:\WINDOWS\system32\pmnnm.dll
- Click the "Fix checked" button...
- After you have fixed these items, close HijackThis
- Press Enter to exit the VundoFix program then manually reboot your computer.
- Once your machine reboots, reboot into "Normal Mode" and continue with the instructions below.
Step 6.
==========
We now need to clean up all the Temp, Temporary Internet Files, Recycle Bin, etc...
- Start the CCleaner program
- Get into "Options" => Select "Advanced" => Deselect\uncheck "Only delete files in Windows Temp folders older than 48 hours"
- We are only going to work with the "Cleaner" section. (Note: Do not use the "Issues" section)
- click on the Run Cleaner button in the lower right-hand corner
- After complete close program
- Empty Recycle Bin
Step 7.
==========
Run Panda's online virus scan from http://www.pandasoftware.com/products/activescan.htm and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply
Step 8.
==========
- Post a fresh new HijackThis log
- Post the Vundofix.txt log
- Post the Panda ActiveScan results
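The two entries dobhar asks to fix above share one trait that is easy to check mechanically: the same DLL is registered both as a Browser Helper Object (an O2 line) and as a Winlogon Notify package (an O20 line), and the second VundoFix path is simply the first file's name reversed with a wildcard extension. The script below is an added example, not code from this thread or from the VundoFix/HijackThis authors. It assumes the HijackThis 1.99.1 line layout shown in the logs on this page; the two sample logs are constructed from lines that appear in this thread, and the BHO+Notify pairing is a heuristic for manual review, not proof of infection on its own.

```python
"""Flag the Vundo-style persistence pairing in a HijackThis log and derive
the two file paths VundoFix asks for. Added example; the sample logs below
are constructed from lines that appear in the forum thread."""
import re
from collections import defaultdict

# Generic HJT entry: "<Type> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
LINE_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O20 body: "Winlogon Notify: <registry key name> - <path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

# Constructed sample: a clean-looking log with the two entries from the fix above added.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pvponline.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps1\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - D:\WINDOWS\system32\pmnnm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: pmnnm - D:\WINDOWS\system32\pmnnm.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: the same log without the pair (mirrors the posted "clean" log).
CLEAN_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps1\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Apps\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
"""


def parse_hjt(text):
    """Return (type, body) tuples for every line that looks like an HJT entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def find_vundo_pairs(text):
    """Return DLL paths registered both as an O2 BHO and as an O20 Winlogon Notify."""
    kinds = defaultdict(set)   # lowercased path -> set of entry types seen
    original = {}              # lowercased path -> path as it appears in the log
    for typ, body in parse_hjt(text):
        if typ == "O2":
            m = BHO_RE.match(body)
        elif typ == "O20":
            m = NOTIFY_RE.match(body)
        else:
            m = None
        if m:
            path = m.group("path").strip()
            kinds[path.lower()].add(typ)
            original.setdefault(path.lower(), path)
    return sorted(original[k] for k, v in kinds.items() if {"O2", "O20"} <= v)


def vundofix_paths(dll_path):
    """Derive the two paths VundoFix prompts for: the DLL itself, and the
    reversed base name with a wildcard extension in the same directory
    (pmnnm.dll -> mnnmp.*), as the thread's two paths show."""
    directory, sep, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    companion = stem[::-1] + ".*"
    return dll_path, (directory + sep + companion) if sep else companion


def vundofix_plan(text):
    """Map each flagged DLL in a log to its (first path, second path) pair."""
    return [vundofix_paths(p) for p in find_vundo_pairs(text)]


if __name__ == "__main__":
    for first, second in vundofix_plan(SAMPLE_LOG):
        print("VundoFix path 1:", first)
        print("VundoFix path 2:", second)
    print("clean log hits:", find_vundo_pairs(CLEAN_LOG))
```

Run it as-is to see the pair from the fix instructions reported and the clean log produce no hits; to use it on a real log, read the file into a string and pass it to `vundofix_plan`. A legitimate product can in principle register the same DLL in both places, so treat a hit as a prompt to inspect the file (publisher, signature, creation time) rather than as a verdict.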
lk_digitus
8 Posts
0
October 31st, 2005 20:00
Panda found no problems, I've since run an Ewido scan and it finds the same problem. I can tell because it tries to access my internet connection every once in a while.
Logfile of HijackThis v1.99.1
Scan saved at 5:35:17 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Apps\Norton Internet Security\ISSVC.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
C:\drivers\audigy2\Surround Mixer\CTSysVol.exe
C:\drivers\audigy2\DVDAudio\CTDVDDet.EXE
C:\Drivers\Razer\razerhid.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps1\Creative\MediaSource\Detector\CTDetect.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
E:\apps\ewido\security suite\ewidoctrl.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Apps\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\MsPMSPSv.exe
C:\Drivers\Razer\razertra.exe
C:\Drivers\Razer\razerofa.exe
D:\Program Files\Messenger\msmsgs.exe
C:\downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pvponline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.23.108.3:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps1\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Apps\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Apps\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\drivers\audigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\drivers\audigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Drivers\Razer\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] C:\Apps1\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trillian.lnk = C:\apps1\Trillian3\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\apps1\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Apps1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Apps1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123355802013
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123355792513
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - E:\apps\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Apps\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Apps\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Apps\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
dobhar
1.1K Posts
0
October 31st, 2005 21:00
Your HijackThis log is clean. According to the log there are no traces of WinFixer\Vundo.
Please follow the instructions below as I am going to get you to run an Ewido scan and have you post the log so I can go through it.
___________________________________________________________________
Step 1.
==========
Please make sure Ewido has been updated with the latest "definitions"...
(Note: If you are having problems with the updater, you can manually update ewido from here)
Step 2.
==========
If you have not already installed Ad-Aware SE 1.06, please follow the download and setup instructions by rstones12 below, otherwise, just check for updates to the program:
Ad-Aware SE setup instructions (by rstones12) can be found here
(Note: Please do NOT run it yet!)
Step 3.
==========
- Reboot computer into "Safe Mode" using the F8 method:
- As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
- Use the arrow keys to select the Safe Mode menu item
(Note: For additional help in booting into Safe Mode, see the PC Hel (Can only use one l due to prohibited word) tutorial here)
Step 4.
==========
We need to make sure all Hidden Files are showing so please:
* Open "My Computer" then click on "Tools" and from the drop down menu select "Folder Options".
* Select the "View" tab.
* Under the "Hidden files and folders" heading SELECT "Show hidden files and folders".
* UNCHECK the "Hide file extensions for known types" option.
* UNCHECK the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK"
Step 5.
==========
We now need to clean up all the Temp, Temporary Internet Files, Recycle Bin, etc...
- Start the CCleaner program
- Get into "Options" => Select "Advanced" => Deselect\uncheck "Only delete files in Windows Temp folders older than 48 hours"
- We are only going to work with the "Cleaner" section. (Note: Do not use the "Issues" section)
- click on the Run Cleaner button in the lower right-hand corner
- After complete close program
- Empty Recycle Bin
Step 6.
==========
- Start Ewido Security Suite
- Click on "Scanner". (Note: Do not start any programs or open any windows while Ewido is scanning)
- Click on "Complete System Scan", the scan will now begin.
- While the scan is in progress you will be prompted to clean files, click "OK".
- When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose "Clean" and click "OK".
- Once the scan has completed, there will be a button located at the bottom of the screen named "Save Report".
- Click "Save Report".
- Now save the report .txt file to your desktop.
- Close Ewido.
Step 7.
==========
- Post back a fresh new HijackThis log
- Post back the Ewido scan log
lk_digitus
8 Posts
0
October 31st, 2005 21:00
lk_digitus
8 Posts
0
October 31st, 2005 22:00
Logfile of HijackThis v1.99.1
Scan saved at 7:07:59 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Apps\Norton Internet Security\ISSVC.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\Drivers\Razer\razerhid.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\drivers\audigy2\Surround Mixer\CTSysVol.exe
C:\drivers\audigy2\DVDAudio\CTDVDDet.EXE
C:\Apps1\Creative\MediaSource\Detector\CTDetect.exe
D:\WINDOWS\system32\ctfmon.exe
C:\apps1\Trillian3\trillian.exe
D:\WINDOWS\system32\CTsvcCDA.EXE
E:\apps\ewido\security suite\ewidoctrl.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Apps\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\MsPMSPSv.exe
C:\Drivers\Razer\razertra.exe
C:\Drivers\Razer\razerofa.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Messenger\msmsgs.exe
C:\downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pvponline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.23.108.3:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps1\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Apps\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Apps\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Drivers\Razer\razerhid.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\drivers\audigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\drivers\audigy2\DVDAudio\CTDVDDet.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Apps1\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Trillian.lnk = C:\apps1\Trillian3\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\apps1\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Apps1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Apps1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123355802013
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123355792513
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - E:\apps\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - E:\Apps\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Apps\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Apps\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe
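As an added example (not HijackThis code and not part of any post in this thread), here is a small Python script that parses O4, O16 and O23 lines of the form shown in the log above and flags the three things a reviewer usually checks first: Run-key commands given as a bare filename (Windows resolves those through the process search path, so a same-named binary earlier in that order would run instead), services listed with an unknown owner, and downloaded ActiveX controls (O16/DPF) hosted somewhere other than microsoft.com. The sample input is a constructed subset of the log above; the flagging rules and the trusted-host list are this example's own heuristics, not HijackThis rules, and other sections (O8, O9 and so on) are skipped.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input: a subset of the log posted above (raw string, so
# the Windows backslashes are literal).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\drivers\audigy2\Surround Mixer\CTSysVol.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Trillian.lnk = C:\apps1\Trillian3\trillian.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123355802013
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Executable path, optionally quoted, followed by optional arguments.
CMD_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s+(?P<args>.*))?$', re.I)

# Hosts whose downloaded ActiveX controls are not flagged. This is an
# assumption made for the example, not a HijackThis rule.
TRUSTED_DPF_SUFFIXES = (".microsoft.com",)


@dataclass
class Entry:
    section: str          # "O4", "O16" or "O23"
    name: str
    target: str           # executable path or .cab URL
    owner: str = ""       # O23 only
    args: str = ""        # O4 only
    flags: list = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """Separate an O4 command into (executable path, arguments)."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group("path"), m.group("args") or ""


def is_bare_filename(path: str) -> bool:
    """True when the path has no directory component or drive letter, so Windows
    resolves it through the process search order (application dir, system
    dirs, PATH) rather than running one specific file."""
    return not re.search(r"[\\/]|^[A-Za-z]:", path)


def parse_log(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            path, args = split_command(m.group("cmd"))
            e = Entry("O4", m.group("name"), path, args=args)
            if is_bare_filename(path):
                e.flags.append("bare filename, resolved via search path (hijackable)")
            entries.append(e)
            continue
        m = DPF_RE.match(line)
        if m:
            e = Entry("O16", m.group("name"), m.group("url"))
            host = urlparse(m.group("url")).hostname or ""
            if not host.endswith(TRUSTED_DPF_SUFFIXES):
                e.flags.append(f"third-party ActiveX control from {host}; confirm it was installed on purpose")
            entries.append(e)
            continue
        m = SVC_RE.match(line)
        if m:
            e = Entry("O23", m.group("name"), m.group("path"), owner=m.group("owner"))
            if m.group("owner").lower() == "unknown owner":
                e.flags.append("no registered owner; check the file's publisher/signature before trusting it")
            entries.append(e)
    return entries


def flagged(entries: list[Entry]) -> list[Entry]:
    return [e for e in entries if e.flags]


def report(entries: list[Entry]) -> str:
    lines = [f"{len(entries)} entries parsed, {len(flagged(entries))} flagged"]
    for e in flagged(entries):
        lines.append(f"[{e.section}] {e.name}: {e.target}")
        lines.extend(f"    - {f}" for f in e.flags)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_log(SAMPLE_LOG)))
```

Run it against a full saved HijackThis log by replacing SAMPLE_LOG with the file's contents. A flag is a prompt to look closer (who published the file, where it lives, whether you installed it), not a malware verdict; the entries it flags in the sample are "SetDefaultMIDI" (bare filename), the Facebook uploader control (third-party host) and "Adobe LM Service" (unknown owner).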
lk_digitus
8 Posts
0
October 31st, 2005 22:00
I got the command prompt to work in Safe Mode; Explorer still failed to load. The logs are as follows:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:58:48 PM, 10/31/2005
+ Report-Checksum: 63DD9B7
+ Scan result:
HKLM\SYSTEM\ControlSet001\Enum\PCI\VEN_1095&DEV_3132&SUBSYS_31321095&REV_01 -> Spyware.PurityScan : Error during cleaning
HKLM\SYSTEM\ControlSet002\Enum\PCI\VEN_1095&DEV_3132&SUBSYS_31321095&REV_01 -> Spyware.PurityScan : Error during cleaning
HKLM\SYSTEM\ControlSet003\Enum\PCI\VEN_1095&DEV_3132&SUBSYS_31321095&REV_01 -> Spyware.PurityScan : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1095&DEV_3132&SUBSYS_31321095&REV_01 -> Spyware.PurityScan : Error during cleaning
::Report End
dobhar
1.1K Posts
0
November 1st, 2005 01:00
Are you just having problems getting into Safe Mode?
lk_digitus
8 Posts
0
November 1st, 2005 02:00
dobhar
1.1K Posts
0
November 1st, 2005 02:00
Hi...
I'm looking into the Ewido log and will post something back, but it may not be until tomorrow.
Hang in there... :)
lk_digitus
8 Posts
0
November 1st, 2005 03:00
dobhar
1.1K Posts
0
November 3rd, 2005 15:00
So very sorry for the delay...I am "under the weather". I will get something to you today.
Kent
dobhar
1.1K Posts
0
November 4th, 2005 06:00
Let's run a couple other tools...
____________________________________________________
Step 1.
==========
- Download, install, set up, and run Spybot S&D 1.4 per the instructions found here
(Note: If you already have Spybot, make sure it is updated to the latest version and definitions, set it up per the instructions in the link, and re-run it)
Step 2.
==========
- Run Kaspersky Free Online Virus Scanner from here
- Click the Kaspersky Online Scanner button
- A new window will appear. Click the "Accept" button (Note: Heed the warning message in the window)
- It will want to download an ActiveX component it requires to run. Allow it! You may be taken back to the first window...just click the "Accept" button again
- It will start installing the ActiveX component. After the ActiveX is installed it will install the antivirus databases it requires (Note: This will take a few minutes)
- Once the databases have been downloaded, click the "Next =>" button
- Click on "My Computer" and the scan will begin
- When the scan is done you will be presented with some "Save as" buttons. Please select\click "Save as Text" and save the log to a convenient location such as your Desktop
- Post the log back in your next reply
Step 3.
==========
Run Panda's online virus scan from here and perform a full system scan.
- Once you are on the Panda site, click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your Valid Email
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
- Post Panda scan results in your next reply
Step 4.
==========
- Post back a fresh new HijackThis log
- Post back Kaspersky scan log
- Post back Panda ActiveScan log
dobhar
1.1K Posts
0
November 4th, 2005 06:00
Could you also generate a "StartupList" and an "Uninstall list"...
- Run HijackThis and click on Config... button
- Click on Misc Tools button
- Click on Open Uninstall Manager and click on Save List
- Save the uninstall_list.txt to your Desktop
- Open this file in Notepad and copy/paste the content in your reply.
- Click the Back button (the one located at the right side of the Save List button)
- Put a checkmark in "List also minor sections" and "List empty sections"
- Click on "Generate StartupList log", answer Yes and copy/paste the content in your reply.