April 22nd, 2008, 06:25 PM
-
Start up error MS-DOS "cannot load VDM IPX/SPX support" The NTVDM CPU has encountered an illegal instruction.
When booting Windows XP Professional Version 2002 SP2 on my desktop, I encounter a pop-up error message showing an MS-DOS screen with "cannot load VDM IPX/SPX support"
and a Windows error pop-up stating
"6 bit MS-DOS Subsystem
C:\WINDOWS\system32\logcomd.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0564:83dd OP:63 20 66 69 Choose 'Close' to terminate the application."
I have googled for possible causes and searched this forum, but nothing seems quite like my situation (I wasn't attempting to install new programs, etc.) and the answers are wide-ranging and not definitive.
For protection I run ZoneAlarm version:7.0.362.000, TrueVector version:7.0.362.000, Driver version:7.0.362.000 and maintain AVG Free Edition 7.5.524 with almost daily updated virus base. Periodically, I run AVG Anti-Spyware 7.5.1.43 free. And they have pulled up nothing.
I would appreciate someone taking a look at the "health" of my system before I take measures and reformat. In addition, my Internet connection seems to be slower than usual, with frequent disconnects. I want to rule out my computer errors before complaining to my ISP.
I have done as the sticky suggests
1) run CCleaner
2) run Malwarebytes' Anti-Malware
3) SUPERAntiSpyware
4) BitDefender
5) HijackThis
Please see the corresponding logs below:
Thx
2) run Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.11
Database version: 670
Scan type: Quick Scan
Objects scanned: 35619
Time elapsed: 7 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Softomate) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
3) SUPERAntiSpyware
SUPERAntiSpyware Scan Log
superantispyware.com
Generated 04/23/2008 at 01:01 AM
Application Version : 4.0.1154
Core Rules Database Version : 3444
Trace Rules Database Version: 1436
Scan type : Complete Scan
Total Scan Time : 00:44:49
Memory items scanned : 369
Memory threats detected : 0
Registry items scanned : 5273
Registry threats detected : 0
File items scanned : 35090
File threats detected : 14
Adware.Tracking Cookie
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@adultadworld[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@lucasarts.122.2o7[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@bs.serving-sys[2].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@ads.kompas[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@4.adbrite[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@www.fpctraffic2[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@anad.tacoda[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@adbrite[2].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@ads.usercash[2].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@questionmarket[2].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@tacoda[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@specificclick[2].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@webpower[1].txt
C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@serving-sys[1].txt
4) BitDefender
BitDefender Online Scanner
Scan report generated at: Wed, Apr 23, 2008 - 04:06:35
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;
Statistics
Time 01:53:20
Files 487263
Folders 7346
Boot Sectors 6
Archives 9426
Packed Files 102607
Results
Identified Viruses 10
Infected Files 16
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 19
Engines Info
Virus Definitions 1174877
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 42
Unpack plugins 7
E-mail plugins 6
System plugins 5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\StartAid Toolbar\startaid.dll
Detected with: Adware.Generic.15459
C:\Program Files\StartAid Toolbar\startaid.dll
Disinfection failed
C:\Program Files\StartAid Toolbar\startaid.dll
Delete failed
C:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032618.dll
Detected with: Adware.Generic.15459
C:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032618.dll
Deleted
D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006
Detected with: Adware.Generic.15459
D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006
Deleted
D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)
Update failed
D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007
Detected with: Adware.Softomate.CL
D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007
Deleted
D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)
Update failed
D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe
Detected with: Application.Aseye.ANI
D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe
Disinfection failed
D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe
Deleted
D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip
Updated
H:\jokes\stress_relief.exe
Detected with: Application.Joke.Stressrelief.B
H:\jokes\stress_relief.exe
Disinfection failed
H:\jokes\stress_relief.exe
Deleted
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf)
Infected with: Generic.Peed.Eml.7CFFF82E
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf)
Disinfection failed
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf)
Deleted
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst
Update failed
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf)
Infected with: Generic.Peed.Eml.E2A50E4D
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf)
Disinfection failed
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf)
Deleted
H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst
Update failed
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf)
Infected with: Generic.Peed.Eml.7CFFF82E
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf)
Disinfection failed
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf)
Deleted
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst
Update failed
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf)
Infected with: Generic.Peed.Eml.E2A50E4D
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf)
Disinfection failed
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf)
Deleted
H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst
Update failed
H:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032622.exe
Detected with: Application.Joke.Stressrelief.B
H:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032622.exe
Disinfection failed
H:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032622.exe
Deleted
H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006
Detected with: Adware.Generic.15459
H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006
Deleted
H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)
Update failed
H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007
Detected with: Adware.Softomate.CL
H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007
Deleted
H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)
Update failed
H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006
Detected with: Adware.Generic.15459
H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006
Deleted
H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)
Update failed
H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007
Detected with: Adware.Softomate.CL
H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007
Deleted
H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)
Update failed
H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe
Detected with: Application.Aseye.ANI
H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe
Disinfection failed
H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe
Deleted
H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip
Updated
and finally 5) HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:44 AM, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = endarjo.wordpress.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinMMC] C:\WINDOWS\system32\logcomd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O9 - Extra 'Tools' menuitem: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - .kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - ://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -://
O17 - HKLM\System\CCS\Services\Tcpip\..\{20CD8CDE-97AB-4AC9-8FB4-74ED3A39D049}: NameServer = 117.103.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E44EB1B8-1BFA-4F16-BB92-2F9183EA9FC6}: NameServer = 117.103.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4598E7B-7F61-44DA-A93F-69C41FD34CB6}: NameServer = 117.103.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9250 bytes
with the Hijack Uninstall list
7-Zip 4.42
Adobe Acrobat 6.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
BasicBrowser
Belarc Advisor 7.2
CCleaner (remove only)
Citrix ICA Web Client
Comparator
Edu-Games - Taman Impian Kanak-kanak
FLV Player 2.0, build 24
Free Download Manager 2.0
GIMPshop 2.2.8
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Kaspersky Online Scanner
K-Lite Mega Codec Pack 3.3.0
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.14)
MSXML 6.0 Parser (KB933579)
Picasa 2
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SiSoftware Sandra Lite XIIc
Skype™ 3.5
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
StartAid Toolbar
SUPERAntiSpyware Free Edition
TNREZ
TrueCrypt
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Storage Adapter V2 (TPP)
VB Runtimes Pack, release 7
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Messenger
ZoneAlarm
April 22nd, 2008, 10:23 PM
-
Welcome
Except for a few minor adware that was cleaned, I don't see any signs of infection.
Open HJT ("right-click and run as Administrator") and click scan only, then place a check by these entries. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
O3 - Toolbar: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
Close all windows and browsers except HJT and click fix checked.
Find this folder if it exists and delete it.
C:\Program Files\StartAid Toolbar
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
* Download the latest version of Java Runtime Environment (JRE) 6 Update 6 from HERE
* Scroll to Java Runtime Environment (JRE) 6 Update 6 and click on the download button
Click on the Accept License Agreement button
Next select
Download Now! Windows Offline Installation, Multi-language
Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.
NEXT-remove all older versions of Java
Go to Start > Control Panel double-click on the Software icon > add/remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select it and click Remove.
* Close any programs you may have running - especially your web browser.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
Neera: The wraith will not allow us to escape.
Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
Neera: You do not fear them?
Sheppard: The wraith, nah.
Now clowns that's another story. They scare the crap out of me.

-
Due to inactivity this topic will be closed.
If you need help please start a new thread.
