security update problems.

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#1
Hi
I am just starting a new topic in the right section. Randy has already given me most of the answers I need. Just some more things I need to know.
Background: got a PC from someone to repair - had a lot of viruses on it and an old Norton.
I thought OK, Norton = crap = uninstall. OK. Do online scan, find 41 viruses. Install AVG and it found another 17.
Now: I thought the updates would work but it still can't install them (69 of them). Now someone told me to reinstall Windows. I think this will be best, but the person has programs that can't be deleted. Also, for some reason I thought if I uninstall IE I can reinstall it, but now it has the IE with no add-ons, so I can't use the ActiveX control.
I am going to do the other online scans now, and do I turn System Restore off and on after the scans?

Thanks for all the help
(sorry for spelling)
 
Wolfeymole

#2
Maynard

It seems to me that you have some serious issues with a person's laptop that you are trying to repair, would you agree?

The thing is that you are posting in different forums with regard to different aspects of the next problem that is occurring with this laptop.

Instances of which are here;
http://www.freepchelp.co.uk/forum/t1718-msconfig-help

And here;
http://www.freepchelp.co.uk/forum/t1725-temp-clean

I would ask that you stick to this thread from now on please with regard to this laptop issue.

I hope that is acceptable.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#3
System Restore is turned off then on following the disinfection. This is so the old restore points are cleared, and a new "clean" one installed.

What exactly happens when you try to update?
 

maynardvdm

#4
Hi
OK, I turned off System Restore. Ran the scans (Trend Micro and SUPERAntiSpyware). Deleted all the infected files. Turned System Restore on again. When the little icon in the right corner says updates are ready to be installed, I click on that and choose express install. It goes and says installing updates. A few seconds later it says the following updates failed to install and lists about 60 files.
Maybe I should install them one by one.

thanks
 
Wolfeymole

#6
Thanks mate

Please don't be offended but when posts are made in other forums with regard to the same issue members can lose the thread so to speak.
 

Seth

#7
Search for the installation error code in the Windows Update Troubleshooter

a. Click Start, click All Programs, and then click Windows Update or Microsoft Update.
b. On the Windows Update Web site or on the Microsoft Update Web site, click Review your update history. A window opens that shows all the updates that have been installed or that have failed to install on the computer.
c. In the Status column of this window, locate the update that failed to install, and then click the red X.
A new window opens that displays the installation error code.
d. Note the error number. You will have to type or paste the error number in a search box in the next step.

Please post back with the error code.
 

RandyL

Administrator
Joined
Jan 22, 2003
Messages
4,878
Location
USA, Nebraska
PC Experience
Very Experienced
#9
I don't know. I have seen it before but didn't know what to make of it. Is there a $ sign or something next to the files? It seems to me AdvancedSetup may have mentioned something about such files. Let's see if he posts about that.

In the meantime we still have to determine if your system is clean then fix the damage so you can install the Windows Updates.

All the techs here will do their best to help in this thread. But based on all your other posts this machine is infected badly with trojans and the Windows Updates is a classic issue.

It really might be better to do a destructive recovery and reinstall Windows. After backing up everything first of course. That's up to you but the time put into it may be more practical.

It's your choice as to which direction you choose to go. Backing up everything is a major issue too. The reinstall issues depend on your computer and what disks you may have.

Let us know what you have achieved so far and what options you want to consider.
RandyL
 

maynardvdm

#10
Hi, thanks for the reply.
So far I've done all the scans I can, including Trend Micro (online), BitDefender (online), AVG (installed) and SUPERAntiSpyware. Seems to me it is just the updates now. What I am doing now is: I downloaded all the updates one by one, which took forever to do, and now I am installing them one by one. Every one says successful after each installation, but I'll see when I am finished, because I need to restart after each install. Been busy for hours now. I'll post back if this worked.

Thanks again
 

maynardvdm

#11
RandyL said:
I don't know. I have seen it before but didn't know what to make of it. Is there a $ sign or something next to the files? It seems to me AdvancedSetup may have mentioned something about such files. Let's see if he posts about that.
Yes, there is a $ in front of the name, and all of the folders look like they say $uninstall_(one of the KB files, which I know are Windows Update files). Maybe I must delete these folders and then try the update. Or not?
Thanks
 

Seth

#13
Maynard,

I'm leaning towards Randy's advice, but if you would prefer a proper disinfection, then please follow these steps:

Download ATF cleaner from here:

http://www.atribune.org/content/section/4/30/

When you run it, uncheck Cookies as well as the Recycle bin, then allow ATF to clean.

Download SuperAntiSpyware from www.superantispyware.com. Run the program, update it (very important), then proceed with a COMPLETE Scan. After the reboot open SAS and go to Preferences>Logs. Please copy and paste the SAS log back here.

Now download the HijackThis installer from here:

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Run the program and click Scan Only. Don't make any changes. Copy and paste that log here as well.

Also, what version of IE are you using?
 

maynardvdm

#14
Hi, here is the first scan log I did with SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 05:58 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 00:52:14

Memory items scanned : 417
Memory threats detected : 0
Registry items scanned : 5207
Registry threats detected : 31
File items scanned : 47256
File threats detected : 81

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{92335157-984B-4692-8405-530335CA9F27}
HKCR\CLSID\{92335157-984B-4692-8405-530335CA9F27}
HKCR\CLSID\{92335157-984B-4692-8405-530335CA9F27}\InprocServer32
HKCR\CLSID\{92335157-984B-4692-8405-530335CA9F27}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WCIENTTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92335157-984B-4692-8405-530335CA9F27}
HKCR\CLSID\{92335157-984B-4692-8405-530335CA9F27}

Trojan.WinAntiSpyware 2007
HKLM\System\ControlSet001\Services\ApiMon
C:\WINDOWS\SYSTEM32\DRIVERS\APIMON.SYS
HKLM\System\ControlSet002\Services\ApiMon
HKLM\System\CurrentControlSet\Services\ApiMon
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Documents and Settings\cynthia\Application Data\WinAntiSpyware 2007\activator_info.txt
C:\Documents and Settings\cynthia\Application Data\WinAntiSpyware 2007\DownloadWAS7.url
C:\Documents and Settings\cynthia\Application Data\WinAntiSpyware 2007\Logs\Activate.log
C:\Documents and Settings\cynthia\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\cynthia\Application Data\WinAntiSpyware 2007\Logs
C:\Documents and Settings\cynthia\Application Data\WinAntiSpyware 2007
C:\WINDOWS\TEMP\WINANTISPYWARE2007SETUP.EXE

Adware.Tracking Cookie
C:\Documents and Settings\cynthia\Cookies\cynthia@atdmt[1].txt
C:\Documents and Settings\cynthia\Cookies\cynthia@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\arthur\Cookies\arthur@122.2o7[2].txt
C:\Documents and Settings\arthur\Cookies\arthur@atdmt[1].txt
C:\Documents and Settings\arthur\Cookies\arthur@casalemedia[2].txt
C:\Documents and Settings\arthur\Cookies\arthur@statse.webtrendslive[1].txt
C:\Documents and Settings\arthur\Cookies\arthur@winantispyware[2].txt
C:\Documents and Settings\arthur\Cookies\arthur@winantivirus[2].txt
C:\Documents and Settings\cynthia\Cookies\cynthia@ads.revsci[1].txt
C:\Documents and Settings\cynthia\Cookies\cynthia@tracker.icerocket[2].txt
C:\Documents and Settings\cynthia\Cookies\cynthia@winantispyware[1].txt
C:\Documents and Settings\johan\Cookies\johan@mediaplex[1].txt
C:\Documents and Settings\johan\Cookies\johan@msnportal.112.2o7[1].txt
C:\Documents and Settings\johan\Cookies\johan@shop.zanox[2].txt
C:\Documents and Settings\johan\Cookies\johan@stats1.reliablestats[1].txt
C:\Documents and Settings\johan\Cookies\johan@winantispyware[2].txt
C:\Documents and Settings\johan\Cookies\johan@www.winantispyware[1].txt
C:\Documents and Settings\marisca\Cookies\marisca@adtech[2].txt
C:\Documents and Settings\marisca\Cookies\marisca@atdmt[2].txt
C:\Documents and Settings\marisca\Cookies\marisca@mediaplex[1].txt
C:\Documents and Settings\marisca\Cookies\marisca@msnportal.112.2o7[1].txt
C:\Documents and Settings\marisca\Cookies\marisca@winantispyware[2].txt
C:\Documents and Settings\marisca\Cookies\marisca@winantivirus[1].txt
C:\Documents and Settings\marisca\Cookies\marisca@www.winantivirus[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@drivecleaner[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@mediaplex[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@purchase.winantivirus[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@stats1.reliablestats[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@winantispyware[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@winantivirus[1].txt
C:\WINDOWS\Temp\Cookies\cynthia@winantivirus[2].txt
C:\WINDOWS\Temp\Cookies\cynthia@www.winantivirus[1].txt

Trojan.Error Safe Free
C:\Program Files\ErrorSafe Free

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKU\S-1-5-21-3536753268-3652230139-3292127004-1006\Software\WinAntiVirus Pro 2007
HKLM\Software\WinAntiVirus Pro 2007
HKLM\Software\WinAntiVirus Pro 2007#EulUWA7P_0001_N99M2908
HKCR\UWAP7.PCheck.1
HKCR\UWAP7.PCheck.1\CurVer
HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}
HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\InprocServer32
HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\InprocServer32#ThreadingModel
HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\ProgID
HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\Programmable
HKCR\CLSID\{2A5C2E6D-864B-4f2c-9542-8B272741D78B}\VersionIndependentProgID
HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}
HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0
HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\0
HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\0\win32
HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\FLAGS
HKCR\TypeLib\{6F520BE0-9B54-4558-816F-224E67997DF3}\1.0\HELPDIR
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\ProxyStubClsid32
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib
HKCR\Interface\{459F4226-1AAB-43B6-9DC1-B6313EF83749}\TypeLib#Version
C:\WINDOWS\system32\stera.job
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\Logs
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\cynthia\Application Data\WinAntiVirus Pro 2007
C:\UWA7P\Quar
C:\WINDOWS\..\UWA7P
C:\WINDOWS\TEMP\NI.UWA7P_0001_N99M2908\SETUP.EXE

Malware.DriveCleaner
C:\Program Files\Common Files\DriveCleaner Freeware
C:\Documents and Settings\cynthia\Application Data\DriveCleaner Freeware\Logs\update.log
C:\Documents and Settings\cynthia\Application Data\DriveCleaner Freeware\Logs
C:\Documents and Settings\cynthia\Application Data\DriveCleaner Freeware

Adware.Casino Games (Golden Palace Casino)
C:\CASINO\AFRICAN PALACE CASINO\CASINO.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\AFRICAN PALACE CASINO.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\AFRICAN PALACE CASINO\AFRICAN PALACE CASINO.LNK

Trojan.Downloader-Gen/LIB
C:\DOCUMENTS AND SETTINGS\CYNTHIA\LOCAL SETTINGS\TEMP\PBYUXEON.DLL

Trace.Known Threat Sources
C:\Documents and Settings\johan\Local Settings\Temporary Internet Files\Content.IE5\YCGKN7AN\logo2[1].gif
C:\Documents and Settings\johan\Local Settings\Temporary Internet Files\Content.IE5\CB5KZXED\order[1].htm
C:\Documents and Settings\johan\Local Settings\Temporary Internet Files\Content.IE5\YCGKN7AN\clear_star[1].gif
C:\Documents and Settings\johan\Local Settings\Temporary Internet Files\Content.IE5\70EF7NKC\button[1].gif
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EFK09KUG\arrow_left[1].gif
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EFK09KUG\genpass[1].js
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FOPMGOJQ\secure[1].gif
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FOPMGOJQ\checkinput_2[1].js
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GPY78LI3\cards[1].gif
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0523GDI3\functions_2[1].js
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GPY78LI3\err[1].gif
 

maynardvdm

#15
Hi, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:31:54 AM, on 2008/02/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11E10787-2469-4EC4-B540-0B2094041015} - C:\WINDOWS\system32\sromoquj.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {4e97753b-03d3-3239-1664-a16097a7ee35} - {53ee7a79-061a-4661-9323-3d30b35779e4} - C:\WINDOWS\system32\dtywcnle.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201948413406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (file missing)
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 7554 bytes
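
Added example, not part of the original posts: one way to triage a HijackThis log like the one in post #15 is to list the entries that HijackThis itself marks "(file missing)" or "(no file)", which are registry references whose target is no longer on disk. The sample input is an excerpt copied from that log; the function names and the short section descriptions are this example's own.

```python
import re

# Excerpt copied from the HijackThis log in post #15 (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11E10787-2469-4EC4-B540-0B2094041015} - C:\WINDOWS\system32\sromoquj.dll (file missing)
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

# Short descriptions for the section codes that occur in the excerpt.
SECTIONS = {
    "R3": "IE URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O23": "Windows service",
}

# A scan entry starts with a section code such as "O2 - "; header lines and
# the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(text):
    """Yield (section, detail) for every scan entry in a HijackThis log."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def orphaned_entries(text):
    """Return the entries whose target file HijackThis reported as absent."""
    found = []
    for section, detail in parse_entries(text):
        marker = next((m for m in ORPHAN_MARKERS if detail.endswith(m)), None)
        if marker is None:
            continue
        clsid = CLSID_RE.search(detail)
        target = detail.rsplit(" - ", 1)[-1]  # last field holds the path
        found.append({
            "section": section,
            "kind": SECTIONS.get(section, "other"),
            "clsid": clsid.group(0) if clsid else None,
            "path": target[: -len(marker)].strip(),  # empty for "(no file)"
        })
    return found


def section_summary(text):
    """Map each section code to (total entries, orphaned entries)."""
    totals = {}
    for section, detail in parse_entries(text):
        total, orphaned = totals.get(section, (0, 0))
        is_orphan = detail.endswith(ORPHAN_MARKERS)
        totals[section] = (total + 1, orphaned + int(is_orphan))
    return totals


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["section"], entry["kind"], entry["clsid"], entry["path"] or "-")
```
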
 

RandyL

#16
Hi Maynard;
I don't normally do hijackthis logs. Seth does so wait for him. Offhand I don't see anything suspicious.

Is the machine running better? Did you get all the Windows updates to install?

RandyL
 

maynardvdm

#18
Success!!!!! :) Updates installed. All 70 of them. So first installed BitDefender and did a complete scan. Twice. Then when it found nothing I did a repair install of Windows. Then went to the update website and it installed all the updates.

Thanks for everyone's help