vcmain.exe, vcclient.exe, computer reboot
Hi
firstly what an excellant forum.
ok im trying to sort a friends pc. installed broadband on the pc, connected it to internet and think its got sasser worm virus.
I have run symantec fix blast nothing found
fixsasser is searching at the minute, did not find anything
Just installed service pack 2, but not done latest updates.
When i reboot get two pop up screens the first says sumthing about vcmain.exe and the second vcclient.exe.
when i try to connect to the internet after a short while it says its going to reboot in and starts to count down.
Any reccomendations welcome
firstly what an excellant forum.
ok im trying to sort a friends pc. installed broadband on the pc, connected it to internet and think its got sasser worm virus.
I have run symantec fix blast nothing found
fixsasser is searching at the minute, did not find anything
Just installed service pack 2, but not done latest updates.
When i reboot get two pop up screens the first says sumthing about vcmain.exe and the second vcclient.exe.
when i try to connect to the internet after a short while it says its going to reboot in and starts to count down.
Any reccomendations welcome
0
Comments
Logfile of HijackThis v1.99.1
Scan saved at 22:31:27, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\microsloft.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\default\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\mljig.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [wlib32] rundll32.exe C:\WINDOWS\System32\wlib32.dll,start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard1.exe
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\default\Start Menu\Programs\HP DeskJet 640C Series v2.4] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\default\Start Menu\Programs\HP DeskJet 640C Series v2.4"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O20 - Winlogon Notify: mljig - C:\WINDOWS\SYSTEM32\mljig.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Please download VundoFix.exe to your desktop.
**************
VundoFix V4.2.33
Checking Java version...
Sun Java not detected
Scan started at 4:05:54 AM 14/03/2006
Listing files found while scanning....
C:\WINDOWS\system32\mljig.dll
Attempting to delete C:\WINDOWS\system32\mljig.dll
C:\WINDOWS\system32\mljig.dll Could not be deleted.
Performing Repairs to the registry.
Done!
**********************
Logfile of HijackThis v1.99.1
Scan saved at 04:16:21, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\microsloft.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\default\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\mljig.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [wlib32] rundll32.exe C:\WINDOWS\System32\wlib32.dll,start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\lv2809fue.dll
O20 - Winlogon Notify: mljig - C:\WINDOWS\SYSTEM32\mljig.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
****************
when i restart i get a windows box pop up saying:
An exeption occurred while trying to run ""C:\WINDOWS\system32\dsskmon.dll",DllGetversion"
The time before it was sci_ci.dll and time before that think it was sumthin different.
************
also when browsing web sometimes get a pop up with "count1.excitechange.com" in the webaddress, is this sum kind of spyware
thnaks in advance
Please download Look2Me-Destroyer.exe to your desktop.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
After you run this try the VundoFix.exe file again. Post that log along with the Look2Me log and a fresh Hijack This log.
Look2Me-Destroyer V1.0.10
Scanning for infected files.....
Scan started at 14/03/2006 15:10:05
Infected! C:\WINDOWS\system32\lv2809fue.dll
Infected! C:\WINDOWS\SYSTEM32\dsskmon.dll
Infected! C:\WINDOWS\SYSTEM32\q668lgju16o8.dll
Infected! C:\WINDOWS\SYSTEM32\lv2809fue.dll
Infected! C:\WINDOWS\SYSTEM32\q6rqlg9516.dll
Infected! C:\WINDOWS\SYSTEM32\lv0809due.dll
Infected! C:\WINDOWS\SYSTEM32\wHvemsp.dll
Infected! C:\WINDOWS\SYSTEM32\medex.dll
Infected! C:\WINDOWS\SYSTEM32\nkmsevt.dll
Infected! C:\WINDOWS\system32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\lv2809fue.dll
C:\WINDOWS\system32\lv2809fue.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\dsskmon.dll
C:\WINDOWS\SYSTEM32\dsskmon.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\q668lgju16o8.dll
C:\WINDOWS\SYSTEM32\q668lgju16o8.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\lv2809fue.dll
C:\WINDOWS\SYSTEM32\lv2809fue.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\q6rqlg9516.dll
C:\WINDOWS\SYSTEM32\q6rqlg9516.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\lv0809due.dll
C:\WINDOWS\SYSTEM32\lv0809due.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\wHvemsp.dll
C:\WINDOWS\SYSTEM32\wHvemsp.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\medex.dll
C:\WINDOWS\SYSTEM32\medex.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\nkmsevt.dll
C:\WINDOWS\SYSTEM32\nkmsevt.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"
HKCR\Clsid\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BD472F60-27FA-11cf-B8B4-444553540000}"
HKCR\Clsid\{BD472F60-27FA-11cf-B8B4-444553540000}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"
HKCR\Clsid\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}"
HKCR\Clsid\{FEF10FA2-355E-4e06-9381-9B24D7F7CC88}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{53C74826-AB99-4d33-ACA4-3117F51D3788}"
HKCR\Clsid\{53C74826-AB99-4d33-ACA4-3117F51D3788}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{952614EB-B7E2-4A38-B34E-04FFB0FA0232}"
HKCR\Clsid\{952614EB-B7E2-4A38-B34E-04FFB0FA0232}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
************************************************
VundoFix V4.2.33
Checking Java version...
Sun Java not detected
Scan started at 3:23:14 PM 14/03/2006
Listing files found while scanning....
C:\WINDOWS\system32\khfde.dll
C:\WINDOWS\system32\edfhk.ini
C:\WINDOWS\system32\edfhk.bak1
C:\WINDOWS\SYSTEM32\edfhk.bak1
C:\WINDOWS\SYSTEM32\edfhk.ini
C:\WINDOWS\SYSTEM32\khfde.dll
Attempting to delete C:\WINDOWS\system32\khfde.dll
C:\WINDOWS\system32\khfde.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\edfhk.ini
C:\WINDOWS\system32\edfhk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\edfhk.bak1
C:\WINDOWS\system32\edfhk.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
**************************************************
Logfile of HijackThis v1.99.1
Scan saved at 15:45:13, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\microsloft.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\default\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ifdrv] rundll32.exe C:\WINDOWS\system32\ifdrv.dll,start
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
*************************************************
zone alarm is now blocking one item every few seconds, it is the same program: microsloft.exe
What is it this and how do i remove.
Thanks in advance any for all what yve done so far
You will need to update ewido to the latest definition files.
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.
Once the updates are installed do the following:
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Reboot into normal mode and post the Ewido log along with a fresh Hijack This log.
If i Download and instal Ewido Anti-Malware will it conflict with Spbot, zone alarm or AVG? or is it a different kind of program
Also i have a zone alarm security alert to say "SERVER PROGRAM run a DLL as an App is trying to act as a server" The application is rundll32.exe
and when I restart I always have to end program on rundll32.exe, how do i stop this coming up.
ewido anti-malware - Scan report
+ Created on: 19:49:03, 14/03/2006
+ Report-Checksum: F4A89722
+ Scan result:
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup
C:\WINDOWS\SYSTEM32\efeef.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxwwt.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\khhhi.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\mljig.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\nnnli.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\opnnl.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddccy.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\gebbb.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\geeff.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\efeba.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\ARIPPAXX.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\nnnnm.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\awvut.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\efcbb.dll -> Downloader.ConHook.y : Cleaned with backup
C:\WINDOWS\TEMP\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\TEMP\__unin__.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\TEMP\cd_clint.dll -> Adware.Cydoor : Cleaned with backup
C:\Program Files\PerfectNav -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\tmp001a0483 -> Downloader.ConHook.y : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\tmp000989f2 -> Downloader.ConHook.y : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\tmp0004f964 -> Downloader.ConHook.y : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\tmp0005c87c -> Downloader.ConHook.y : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\tmp0004ddb2 -> Downloader.ConHook.y : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temp\tmp00084760 -> Downloader.ConHook.y : Cleaned with backup
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\K52B01UJ\drdata[1].avi -> Dropper.Agent.aac : Cleaned with backup
C:\Documents and Settings\default\Desktop\hijackthis\backups\backup-20060314-015233-983.dll -> Downloader.ConHook.y : Cleaned with backup
C:\mousepad2.exe -> Hijacker.VB.li : Cleaned with backup
::Report End
*************************
Logfile of HijackThis v1.99.1
Scan saved at 20:07:09, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\default\Desktop\Program setups\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ifdrv] rundll32.exe C:\WINDOWS\system32\ifdrv.dll,start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/uk/enu/gen/default.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
**************************
Think im about there???
or may be not
C:\WINDOWS\system32\ifdrv.dll
Please post back with the results of the Jotti scan.
But got a problem.
When i had the computer at my house i connected it to the internet - broadband, using my frineds usb adsl modem with my connection settings (service provider - gotadsl) It all worked ok.
I then set the computer back up tonight at my friends, i replaced the connection settings with my friends (different service provider to me). I dialed ok the little computer came up in the bottom right corner but when opening internet explorer i got the folling error
403 Forbidden
Forbidden
You were denied access because
Accsess denied by access contol list
What does this mean nd what is causing it.
I have tried my laptop with my friends modem and internet settings at there house any the laptop work fine on the internet, so i know there broadband is ok..
could it be that my friends computer (the one we have been dealng with all along) has old ISP registy entries that are conflicting
As i said before could it be that my friends computer (the one we have been dealng with all along) has old ISP registy entries that are conflicting.
I need to some how download something to remove all the old isp registry entrys.
It connects ok. i know this because the little computer comes up in the bottom right corner to say it is connected ok.
Cant get to computer right now.
Like u say it must be something simple.