#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2008
    Location
    Jogjakarta, Indonesia
    Posts
    1
    Rep Power
    0

    Start up error MS-DOS "cannot load VDM IPX/SPX support" The NTVDM CPU has encountered an illegal instruction.

    When booting Windows XP Professional Version 2002 SP2 on my desktop, I encounter a pop-up error message showing an MS-DOS screen with "cannot load VDM IPX/SPX support"

    and a Windows error pop-up stating
    "6 bit MS-DOS Subsystem
    C:\WINDOWS\system32\logcomd.exe
    The NTVDM CPU has encountered an illegal instruction.
    CS:0564:83dd OP:63 20 66 69 Choose 'Close' to terminate the application."

    I have googled for possible causes and searched this forum, but nothing seems quite like my situation (I wasn't attempting to install new programs etc.) and the answers are wide ranging and not definitive.
    For protection I run ZoneAlarm version:7.0.362.000, TrueVector version:7.0.362.000, Driver version:7.0.362.000 and maintain AVG Free Edition 7.5.524 with almost daily updated virus base. Periodically, I run AVG Anti-Spyware 7.5.1.43 free. And they have pulled up nothing.

    I would appreciate someone taking a look at the "health" of my system before I take measures and reformat. In addition, my Internet connection seems to be slower than usual, with frequent disconnects. I want to rule out my computer errors before complaining to my ISP.


    I have done as the sticky suggests
    1) run CCleaner
    2) run Malwarebytes' Anti-Malware
    3) SUPERAntiSpyware
    4) BitDefender
    5) HijackThis
    Please see the corresponding logs below:
    Thx

    2) run Malwarebytes' Anti-Malware

    Malwarebytes' Anti-Malware 1.11
    Database version: 670

    Scan type: Quick Scan
    Objects scanned: 35619
    Time elapsed: 7 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    3) SUPERAntiSpyware

    SUPERAntiSpyware Scan Log
    superantispyware.com

    Generated 04/23/2008 at 01:01 AM

    Application Version : 4.0.1154

    Core Rules Database Version : 3444
    Trace Rules Database Version: 1436

    Scan type : Complete Scan
    Total Scan Time : 00:44:49

    Memory items scanned : 369
    Memory threats detected : 0
    Registry items scanned : 5273
    Registry threats detected : 0
    File items scanned : 35090
    File threats detected : 14

    Adware.Tracking Cookie
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@adultadworld[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@lucasarts.122.2o7[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@bs.serving-sys[2].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@ads.kompas[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@4.adbrite[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@www.fpctraffic2[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@anad.tacoda[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@adbrite[2].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@ads.usercash[2].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@questionmarket[2].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@tacoda[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@specificclick[2].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@webpower[1].txt
    C:\Documents and Settings\Byron N. Rogalski\Cookies\byron_n._rogalski@serving-sys[1].txt


    4) BitDefender

    BitDefender Online Scanner
    Scan report generated at: Wed, Apr 23, 2008 - 04:06:35
    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;

    Statistics
    Time 01:53:20
    Files 487263
    Folders 7346
    Boot Sectors 6
    Archives 9426
    Packed Files 102607

    Results
    Identified Viruses 10
    Infected Files 16
    Suspect Files 0
    Warnings 0
    Disinfected 0
    Deleted Files 19

    Engines Info
    Virus Definitions 1174877

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins 16
    Archive plugins 42
    Unpack plugins 7
    E-mail plugins 6
    System plugins 5

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    C:\Program Files\StartAid Toolbar\startaid.dll | Detected with: Adware.Generic.15459
    C:\Program Files\StartAid Toolbar\startaid.dll | Disinfection failed
    C:\Program Files\StartAid Toolbar\startaid.dll | Delete failed
    C:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032618.dll | Detected with: Adware.Generic.15459
    C:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032618.dll | Deleted
    D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Generic.15459
    D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
    D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o) | Update failed
    D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007 | Detected with: Adware.Softomate.CL
    D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007 | Deleted
    D:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o) | Update failed
    D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe | Detected with: Application.Aseye.ANI
    D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe | Disinfection failed
    D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe | Deleted
    D:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip | Updated
    H:\jokes\stress_relief.exe | Detected with: Application.Joke.Stressrelief.B
    H:\jokes\stress_relief.exe | Disinfection failed
    H:\jokes\stress_relief.exe | Deleted
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf) | Infected with: Generic.Peed.Eml.7CFFF82E
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf) | Disinfection failed
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf) | Deleted
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst | Update failed
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf) | Infected with: Generic.Peed.Eml.E2A50E4D
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf) | Disinfection failed
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf) | Deleted
    H:\PERSONAL\compaq backup mar 20'08\OUTLOOK BACKUP\Dian Outlookarchive backup.pst | Update failed
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf) | Infected with: Generic.Peed.Eml.7CFFF82E
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf) | Disinfection failed
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: You've received a greeting card from a School friend!][From: FunnyPostcard.Com]=>(body)=>(Compressed Rtf) | Deleted
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst | Update failed
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf) | Infected with: Generic.Peed.Eml.E2A50E4D
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf) | Disinfection failed
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst=>[Subject: School-mate sent you a greeting card from Greeting-Cards.Com!][From: Greeting-Cards.Com]=>(body)=>(Compressed Rtf) | Deleted
    H:\PERSONAL\compaq backup mar 20'08\_TegalWaras docs\Dian Outlookarchive.pst | Update failed
    H:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032622.exe | Detected with: Application.Joke.Stressrelief.B
    H:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032622.exe | Disinfection failed
    H:\System Volume Information\_restore{D10F1871-79CB-47D6-8876-6C7FCAF51322}\RP80\A0032622.exe | Deleted
    H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Generic.15459
    H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
    H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o) | Update failed
    H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007 | Detected with: Adware.Softomate.CL
    H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007 | Deleted
    H:\_MASTER\PROGRAMS\Browsers\IE addon\startaid.exe=>(NSIS o) | Update failed
    H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006 | Detected with: Adware.Generic.15459
    H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
    H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o) | Update failed
    H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007 | Detected with: Adware.Softomate.CL
    H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o)=>lzma_solid_nsis0007 | Deleted
    H:\_MASTER\PROGRAMS\sync options\startaid.exe=>(NSIS o) | Update failed
    H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe | Detected with: Application.Aseye.ANI
    H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe | Disinfection failed
    H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip=>tc32_v601_pro_activat or.exe | Deleted
    H:\_MASTER\PROGRAMS\Utilities\TotalCommander\totalcommanderv6.01patchssdd.zip | Updated


    and finally 5) HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:51:44 AM, on 23/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = endarjo.wordpress.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [WinMMC] C:\WINDOWS\system32\logcomd.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
    O9 - Extra 'Tools' menuitem: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - .kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - ://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -://
    O17 - HKLM\System\CCS\Services\Tcpip\..\{20CD8CDE-97AB-4AC9-8FB4-74ED3A39D049}: NameServer = 117.103.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E44EB1B8-1BFA-4F16-BB92-2F9183EA9FC6}: NameServer = 117.103.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4598E7B-7F61-44DA-A93F-69C41FD34CB6}: NameServer = 117.103.0.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9250 bytes


    with the Hijack Uninstall list
    7-Zip 4.42
    Adobe Acrobat 6.0 Professional
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Apple Software Update
    AVG 7.5
    AVG Anti-Spyware 7.5
    BasicBrowser
    Belarc Advisor 7.2
    CCleaner (remove only)
    Citrix ICA Web Client
    Comparator
    Edu-Games - Taman Impian Kanak-kanak
    FLV Player 2.0, build 24
    Free Download Manager 2.0
    GIMPshop 2.2.8
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    J2SE Runtime Environment 5.0 Update 7
    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Kaspersky Online Scanner
    K-Lite Mega Codec Pack 3.3.0
    Logitech QuickCam Software
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Mozilla Firefox (2.0.0.14)
    MSXML 6.0 Parser (KB933579)
    Picasa 2
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    SiSoftware Sandra Lite XIIc
    Skype™ 3.5
    SoundMAX
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    StartAid Toolbar
    SUPERAntiSpyware Free Edition
    TNREZ
    TrueCrypt
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    USB Storage Adapter V2 (TPP)
    VB Runtimes Pack, release 7
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Presentation Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Yahoo! Messenger
    ZoneAlarm
  2. #2
  3. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Welcome


    Except for a few minor adware items that were cleaned, I don't see any signs of infection.



    Open HJT ("right-click and run as Administrator") and click Scan only. Place a check by these entries. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:


    O3 - Toolbar: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)

    Close all windows and browsers except HJT and click fix checked.



    Find this folder if it exists and delete it.
    C:\Program Files\StartAid Toolbar


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    * Download the latest version of Java Runtime Environment (JRE) 6 Update 6 from HERE
    * Scroll to Java Runtime Environment (JRE) 6 Update 6 and click on the download button

    Click on the Accept License Agreement button
    Next select
    Download Now! Windows Offline Installation, Multi-language

    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    NEXT-remove all older versions of Java
    Go to Start > Control Panel double-click on the Software icon > add/remove programs.
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    Select it and click Remove.
    * Close any programs you may have running - especially your web browser.
    * Repeat as many times as necessary to remove each Java version.
    * Reboot your computer once all Java components are removed.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.
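
Added example, not part of the original posts: a small Python triage helper for a HijackThis log like the one in post #1. It lists every entry HijackThis marked "(file missing)", the kind of orphaned entry the reply asks to fix, and finds which registry Run entry launches a given executable, such as the one named in the error pop-up. The function names are hypothetical and the sample log is a shortened copy of lines from the post.

```python
import re

# Shortened sample built from lines of the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinMMC] C:\WINDOWS\system32\logcomd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O9 - Extra button: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O9 - Extra 'Tools' menuitem: StartAid Toolbar - {A5CFACA7-C22D-4A79-B0A9-24281F4DA96E} - C:\Program Files\StartAid Toolbar\startaid.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Registry autostart lines only: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<loc>.+?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command line: quoted path, or text up to the first
# executable extension that is followed by whitespace or end of line.
IMAGE_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$))',
    re.IGNORECASE,
)
MISSING = "(file missing)"


def parse_entries(log):
    """Return (code, body) for every 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def missing_targets(entries):
    """Entries whose target file no longer exists, as (code, path)."""
    found = []
    for code, body in entries:
        if body.endswith(MISSING):
            path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
            found.append((code, path))
    return found


def image_path(cmd):
    """Strip quotes and arguments from an autostart command line."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def autostarts(entries):
    """O4 registry Run entries as (location, value name, executable path)."""
    result = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            result.append((m.group("loc"), m.group("name"), image_path(m.group("cmd"))))
    return result


def find_autostart_for(entries, path):
    """Which Run entries start the given executable (case-insensitive match)."""
    wanted = path.lower()
    return [a for a in autostarts(entries) if a[2].lower() == wanted]


if __name__ == "__main__":
    log_entries = parse_entries(SAMPLE_LOG)
    for code, path in missing_targets(log_entries):
        print("orphaned", code, path)
    # Path taken from the error pop-up quoted in post #1.
    for loc, name, image in find_autostart_for(
        log_entries, r"C:\WINDOWS\system32\logcomd.exe"
    ):
        print("started by", loc, name, image)
```

On the sample, the "(file missing)" check returns the O3 toolbar line and both O9 StartAid lines, and the lookup ties the executable from the pop-up to the `[WinMMC]` value under `HKLM\..\Run`.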

  4. #3
  5. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Due to inactivity this topic will be closed.
    If you need help please start a new thread.

