Error on downloading Activescan
I need help here. I got pop-ups all over and my friend recommended "panda scan" online scanning to me. However, the message below appears:
Error on downloading ActiveScan
An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
Possible causes of this error are:
Not allowing the application's ActiveX control to be downloaded.
Problems with the Internet connection.
The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...
I have restarted my com multiple times, but to no avail.
Can someone help?
Thanks very much.
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
- Double click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 00:28:25, on 14/01/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SG9nYW4\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KickBackSpam\kbsupdt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\hogan\Desktop\HijackThis.exe
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [msvidc32] "C:\WINDOWS\System32\msvidc32.exe"
O4 - HKCU\..\Run: [kbdycl] "C:\WINDOWS\System32\kbdycl.exe"
O4 - HKCU\..\Run: [kbdcan] "C:\WINDOWS\System32\kbdcan.exe"
O4 - HKCU\..\Run: [erv33260] "C:\WINDOWS\System32\erv33260.exe"
O4 - HKCU\..\Run: [odbc32gt] "C:\WINDOWS\System32\odbc32gt.exe"
O4 - HKCU\..\Run: [devmgr] "C:\WINDOWS\System32\devmgr.exe"
O4 - HKCU\..\Run: [cmcfg32] "C:\WINDOWS\System32\cmcfg32.exe"
O4 - HKCU\..\Run: [vga64k] "C:\WINDOWS\System32\vga64k.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [olepro32] "C:\WINDOWS\System32\olepro32.exe"
O4 - HKCU\..\Run: [KbsUpdt] C:\Program Files\KickBackSpam\kbsupdt.exe
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [wups] "C:\WINDOWS\System32\wups.exe"
O4 - HKCU\..\Run: [wshtcpip] "C:\WINDOWS\System32\wshtcpip.exe"
O4 - HKCU\..\Run: [hal] "C:\WINDOWS\System32\hal.exe"
O4 - HKCU\..\Run: [docprop2] "C:\WINDOWS\System32\docprop2.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\l04q0ah5ed4.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Hope you don't mind. Thanks.
You don't have XP1a and unless you do, there is no point in continuing as you will get infected as soon as you connect to the internet. Please do the following:
I would like you now to download a Free Anti-Virus program and a Free Software Firewall.
Choose ONE Firewall
Zone Alarm << Easy to use (recommended).
Sygate
Sunbelt Kerio PF
Choose ONE Anti-Virus
Nod32
AVG Free Edition << I would suggest this.
AntiVir
avast! 4 Home Edition
Update the Anti-Virus definitions and do a Full System Scan.
This bit is very important. Please go to Windows Update and download Service Pack 1a (SP1a) and any other important updates. Do NOT download Service Pack 2 (SP2), as your computer is still infected.
If you're having problems with Windows Update, then download Service Pack 1a from here,
Once these three things have been done, please reboot and post a new HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 03:37:30, on 14/01/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\mycomput.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SG9nYW4\command.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\hogan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [odbc32gt] "C:\WINDOWS\System32\odbc32gt.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [KbsUpdt] C:\Program Files\KickBackSpam\kbsupdt.exe
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142827132547
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lvjo0913e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\System32\mycomput.exe
C:\WINDOWS\SG9nYW4\command.exe
C:\WINDOWS\System32\adsldp.exe
C:\WINDOWS\System32\c_g18030.exe
C:\WINDOWS\System32\srsvc.exe
C:\WINDOWS\System32\odbc32gt.exe
C:\WINDOWS\System32\moricons.exe
C:\WINDOWS\System32\msvcrt20.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
Next, click "Back" under Other stuff towards the bottom right.
Now, towards the bottom left, under "Scan & fix stuff" press the Scan button.
Please check the following entries, making sure there is a TICK inside the boxes.
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [odbc32gt] "C:\WINDOWS\System32\odbc32gt.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lvjo0913e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
Close ALL open windows (Especially Internet Explorer!) and click Fix Checked.
View Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Find and Delete the following, if found:
C:\WINDOWS\SG9nYW4 << This folder
C:\WINDOWS\system32\lvjo0913e.dll << This file
C:\WINDOWS\System32\msvcrt20.exe << This file
C:\WINDOWS\System32\moricons.exe << This file
C:\WINDOWS\System32\odbc32gt.exe << This file
C:\WINDOWS\System32\srsvc.exe << This file
C:\WINDOWS\System32\c_g18030.exe << This file
C:\WINDOWS\System32\adsldp.exe << This file
C:\WINDOWS\System32\mycomput.exe << This file
=====
Reboot and post a new HJT log
There are a few problems:
1) I cannot kill this process: c:\windows\SG9nYW4\command.exe
it says:
" the selected process could not be killed. It may have already closed, or it may be protected by windows.
The process might be a service, which you can stop from the service Applet in the Admin Tools.( to load this window, click start, run and enter 'service.msc' ) ".
Should I follow the instructions?
2) Secondly, all these you posted in green, I removed but when I reboot my computer they are still there. I tried multiple times but result is still the same:
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [odbc32gt] "C:\WINDOWS\System32\odbc32gt.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lvjo0913e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
3) Thirdly, I have problems updating Service Pack 1a. This showed up when they are checking for available updates. So the only available update is Service Pack 2 (as shown):
Review and Install Updates
Install Updates Download size (total): 75 MB
Estimated time at your connection speed: 32 minutes
High-priority updates
This update can have system-wide effects or address more than one problem. It must be installed separately from other updates.
We recommend you install it and then return to our home page to check if your computer needs other high-priority updates.
Microsoft Windows XP
Windows XP Service Pack 2
Here is the new log file:
Logfile of HijackThis v1.99.1
Scan saved at 21:14:39, on 22/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SG9nYW4\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Documents and Settings\hogan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [KbsUpdt] C:\Program Files\KickBackSpam\kbsupdt.exe
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142827132547
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lvjo0913e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
thanks a lot for your help
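Added example (not part of any post in the thread): a Python check that compares the helper's fix list with the log posted after the reboot, reporting which entries were written back and whether a listed binary is still running. The function names are this example's own; both samples are copied from the thread's logs, with the second trimmed to the relevant lines.

```python
import re

# Entries the helper asked to tick before "Fix checked" (copied from the thread).
FIX_LIST = r'''
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [odbc32gt] "C:\WINDOWS\System32\odbc32gt.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lvjo0913e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
'''

# Trimmed excerpt of the log saved at 21:14:39 on 22/03/2006 (copied from the thread).
LOG_AFTER = r'''
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SG9nYW4\command.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
O4 - HKCU\..\Run: [sysmon.exe] ""
O4 - HKCU\..\Run: [adsldp] "C:\WINDOWS\System32\adsldp.exe"
O4 - HKCU\..\Run: [c_g18030] "C:\WINDOWS\System32\c_g18030.exe"
O4 - HKCU\..\Run: [srsvc] "C:\WINDOWS\System32\srsvc.exe"
O4 - HKCU\..\Run: [mycomput] "C:\WINDOWS\System32\mycomput.exe"
O4 - HKCU\..\Run: [KbsUpdt] C:\Program Files\KickBackSpam\kbsupdt.exe
O4 - HKCU\..\Run: [moricons] "C:\WINDOWS\System32\moricons.exe"
O4 - HKCU\..\Run: [msvcrt20] "C:\WINDOWS\System32\msvcrt20.exe"
O20 - Winlogon Notify: IME - C:\WINDOWS\system32\lvjo0913e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9nYW4\command.exe
'''

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")          # e.g. "O4 - ...", "R0 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def norm(text):
    """Windows paths and registry names are case-insensitive: fold case and spacing."""
    return " ".join(text.lower().split())

def parse_log(text):
    """Return (running process paths, section entries) from HijackThis log text."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY_RE.match(line):
            in_processes = False          # first section entry ends the process list
            entries.append(line)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def persistence_report(fix_text, log_text):
    """Compare a fix list with a later log: what came back, what stayed gone."""
    _, targets = parse_log(fix_text)
    processes, entries = parse_log(log_text)
    seen = {norm(e) for e in entries}
    running = {norm(p) for p in processes}
    report = {"persisted": [], "cleared": [], "still_running": []}
    for target in targets:
        report["persisted" if norm(target) in seen else "cleared"].append(target)
        match = PATH_RE.search(target)    # file the entry points at, if any
        if match and norm(match.group(0)) in running:
            report["still_running"].append(match.group(0))
    return report

if __name__ == "__main__":
    for key, items in persistence_report(FIX_LIST, LOG_AFTER).items():
        print(f"{key} ({len(items)}):", *items, sep="\n    ")
```

A fix-list binary that is still in the process list while its autostart entries reappear is the pattern to look for: removing the registry values does not hold until that process or service is stopped.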
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
When installing the program, under "Additional Options" uncheck...
- Install background guard
- Install scan via context menu
Once installed, update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Once in Safe Mode, please run Ewido
(Do not use the computer while Ewido is scanning as it may interfere with the scan)
- Click on scanner
- Click Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close Ewido
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
When I run Ewido, whether in safe mode or normal mode, my computer hangs every time when I'm scanning. I always have this problem of computer hanging because the motherboard is too weak. When I run programs like Photoshop, or sometimes even Microsoft PowerPoint, it has the tendency to hang. My motherboard is a cheap, made in China, integrated everything. So I think I will give up running Ewido.
But thanks for all this help, and at least it has stopped the problem of pop-ups every 3 - 5 minutes.
Thanks for your great help and I really appreciate it.
Once again, thanks
Your log is still not showing Service Pack 1a. I would like you to download it from here please
After that, post a new HJT log