Member Panel

vanII

Hi,
I'm new to site and ,also, a novice when it comes to understanding registry, etc. My pc comes up with an error message that it has encountered a problem and must close everytime I surf the net. Have virus and other protection on pc. Including my log files...can someone help me find the problem and tell me how to clean it up?

Van II

Logfile of HijackThis v1.99.1
Scan saved at 4:08:33 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Windows Live
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dl l
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dl l
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'inetcntrl0002.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116385332312
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

AVG Anti-Spyware 7.5 Results

########GeneralOwnerComplete Test was started.########VirusOwnerIn C:\Program Files\Microsoft AntiSpyware\Quarantine\171000A6-486E-4851-AF97-CC16B4\8A3610E7-EDA2-4759-8192-0DDBAF was "Dialer.17.E" virus found.########VirusOwnerIn C:\Program Files\Microsoft AntiSpyware\Quarantine\DC801F77-C08A-4225-AF6C-E2084C\0AC3C79E-E4A2-41A8-82E4-08586C was "Dialer.17.E" virus found.########GeneralOwnerComplete Test ended. Found 2 infected files.########VirusOwnerC:\Program Files\Microsoft AntiSpyware\Quarantine\171000A6-486E-4851-AF97-CC16B4\8A3610E7-EDA2-4759-8192-0DDBAF was cleaned.########VirusOwnerC:\Program Files\Microsoft AntiSpyware\Quarantine\DC801F77-C08A-4225-AF6C-E2084C\0AC3C79E-E4A2-41A8-82E4-08586C was cleaned.

Thanks for any help!

Pancake · 02:39 AM

I see you are running two anti virus scanner.Two can make things unstable.It better to use just one.

Download LSPfix and save it to your Desktop.

1. Disconnect from the Internet. Go to the LSPFix file and extract/unzip LSPFix.zip into its own folder C:\Lspfix.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
2. Open the Lspfix folder and double-click on LSPFix.exe to start the program.
3. Check the "I know what I am doing" checkbox.
4. Select (highlight) all instances of inetcntrl0002.dll in the left column under "Keep".
5. Click the arrows >> so that the file goes over to the right column under "Remove".
6. Click "Finish" and LSPFix will remove references to the file and restore the chain numbers.

Download and install AVG Anti-Spyware 7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc

Press "OK".
Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.

9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?
5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so may hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can can continue to use as an on-demand scanner or you may purchase a license to use the full version.

vanII

Pancake,
Thanks for the help...here's the log report as you asked ... What do you think? BTW, I couldn't get my pc to open in safe mode w/ F8 key...had to do it manually.??
Van II

Saturday, November 11, 2006, 12:37:10 PM (03192) Log file started
Saturday, November 11, 2006, 12:37:10 PM (00000) "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
Saturday, November 11, 2006, 12:37:15 PM (03196) Running in uninstall mode.
Saturday, November 11, 2006, 12:37:17 PM (00000) PathPFW - Result = <empty>
Saturday, November 11, 2006, 12:37:18 PM (00000) *** InitEnrollment - Result = 1
Saturday, November 11, 2006, 12:37:19 PM (00000) EnrollTarget - Result = C:\Program Files\CA\CA Internet Security Suite\caunst.exe
Saturday, November 11, 2006, 12:37:19 PM (03194) Adding 'C:\Program Files\CA\CA Internet Security Suite\caunst.exe' to trusted application list
Saturday, November 11, 2006, 12:37:20 PM (03191) Checking installation requirements for CA Internet Security Suite ...
Saturday, November 11, 2006, 12:37:20 PM (03183) Checking permissions on registry keys ...
Saturday, November 11, 2006, 12:37:20 PM (03172) Checking permissions on directories ...
Saturday, November 11, 2006, 12:37:20 PM (03201) Checking for other user sessions ...
Saturday, November 11, 2006, 12:37:21 PM (03191) Checking installation requirements for CA Anti-Virus ...
Saturday, November 11, 2006, 12:37:21 PM (03183) Checking permissions on registry keys ...
Saturday, November 11, 2006, 12:37:22 PM (03172) Checking permissions on directories ...
Saturday, November 11, 2006, 12:37:52 PM (00000) CA Anti-Virus
Saturday, November 11, 2006, 12:37:52 PM (03200) Adding applications to trusted program list ...
Saturday, November 11, 2006, 12:37:52 PM (00000) PathPFW - Result = <empty>
Saturday, November 11, 2006, 12:37:52 PM (00000) *** InitEnrollment - Result = 1
Saturday, November 11, 2006, 12:37:52 PM (00000) EnrollTarget - Result = C:\Program Files\CA\CA Internet Security Suite\caunst.exe
Saturday, November 11, 2006, 12:37:52 PM (03194) Adding 'C:\Program Files\CA\CA Internet Security Suite\caunst.exe' to trusted application list
Saturday, November 11, 2006, 12:37:52 PM (00000) PathPFW - Result = <empty>
Saturday, November 11, 2006, 12:37:52 PM (00000) *** InitEnrollment - Result = 1
Saturday, November 11, 2006, 12:37:52 PM (00000) EnrollTarget - Result = C:\Program Files\CA\CA Internet Security Suite\caunst.exe
Saturday, November 11, 2006, 12:37:52 PM (03194) Adding 'C:\Program Files\CA\CA Internet Security Suite\caunst.exe' to trusted application list
Saturday, November 11, 2006, 12:37:52 PM (00000) caav.exe - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) cavrep.exe - Result = 1
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) isafe.exe - Result = 2
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) vetmsg.exe - Result = 3
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) *** RemoveFirewallTrustedApps - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) CA Internet Security Suite
Saturday, November 11, 2006, 12:37:53 PM (03200) Adding applications to trusted program list ...
Saturday, November 11, 2006, 12:37:53 PM (00000) PathPFW - Result = <empty>
Saturday, November 11, 2006, 12:37:53 PM (00000) *** InitEnrollment - Result = 1
Saturday, November 11, 2006, 12:37:53 PM (00000) EnrollTarget - Result = C:\Program Files\CA\CA Internet Security Suite\caunst.exe
Saturday, November 11, 2006, 12:37:53 PM (03194) Adding 'C:\Program Files\CA\CA Internet Security Suite\caunst.exe' to trusted application list
Saturday, November 11, 2006, 12:37:53 PM (00000) PathPFW - Result = <empty>
Saturday, November 11, 2006, 12:37:53 PM (00000) *** InitEnrollment - Result = 1
Saturday, November 11, 2006, 12:37:53 PM (00000) EnrollTarget - Result = C:\Program Files\CA\CA Internet Security Suite\caunst.exe
Saturday, November 11, 2006, 12:37:53 PM (03194) Adding 'C:\Program Files\CA\CA Internet Security Suite\caunst.exe' to trusted application list
Saturday, November 11, 2006, 12:37:53 PM (00000) casecuritycenter.exe - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) cctray\cctray.exe - Result = 1
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) ccupdate\ccupdate.exe - Result = 2
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:53 PM (00000) licreg.exe - Result = 3
Saturday, November 11, 2006, 12:37:53 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:54 PM (00000) caunst.exe - Result = 4
Saturday, November 11, 2006, 12:37:54 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:37:54 PM (00000) *** RemoveFirewallTrustedApps - Result = 0
Saturday, November 11, 2006, 12:37:54 PM (03197) Uninstalling CA Anti-Virus ...
Saturday, November 11, 2006, 12:38:21 PM (00000) "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe" /Silent
Saturday, November 11, 2006, 12:40:00 PM (00000) ExitCodeProcess = 0
Saturday, November 11, 2006, 12:40:00 PM (03186) Removing license data ...
Saturday, November 11, 2006, 12:40:00 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:00 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:01 PM (03199) Updating registry ...
Saturday, November 11, 2006, 12:40:01 PM (03188) Removing uninstall information ...
Saturday, November 11, 2006, 12:40:02 PM (03197) Uninstalling CA Internet Security Suite ...
Saturday, November 11, 2006, 12:40:04 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:04 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:10 PM (03186) Removing license data ...
Saturday, November 11, 2006, 12:40:10 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:10 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:10 PM (03199) Updating registry ...
Saturday, November 11, 2006, 12:40:10 PM (03188) Removing uninstall information ...
Saturday, November 11, 2006, 12:40:11 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:11 PM (03187) Removing shortcuts from Start Menu ...
Saturday, November 11, 2006, 12:40:13 PM (00000) PathPFW - Result = <empty>
Saturday, November 11, 2006, 12:40:13 PM (00000) *** InitEnrollment - Result = 1
Saturday, November 11, 2006, 12:40:13 PM (00000) EnrollTarget - Result = C:\Program Files\CA\CA Internet Security Suite\caunst.exe
Saturday, November 11, 2006, 12:40:13 PM (03194) Adding 'C:\Program Files\CA\CA Internet Security Suite\caunst.exe' to trusted application list
Saturday, November 11, 2006, 12:40:13 PM (00000) UnenrollResult - Result = 0
Saturday, November 11, 2006, 12:40:27 PM (03173) Log file finished - Result = 0
+++ --- +++ --- +++
Saturday, November 11, 2006, 12:45:38 PM (00000) "C:\DOCUME~1\Owner\LOCALS~1\Temp\cacu_001.exe" /cleanup
Saturday, November 11, 2006, 12:45:39 PM (03173) - = 0
+++ --- +++ --- +++
Saturday, November 11, 2006, 12:45:40 PM (00000) "C:\DOCUME~1\Owner\LOCALS~1\Temp\cazz_001.exe" /null
Saturday, November 11, 2006, 12:45:40 PM (03173) - = 0
+++ --- +++ --- +++

Pancake

Can you post a new HJT log please..

vanII

I'm sorry I forgot to add the hjt log...I hope I'm doing everything right.
Thank you for your help !

Van II

Logfile of HijackThis v1.99.1
Scan saved at 9:08:50 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Windows Live
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dl l
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dl l
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'inetcntrl0002.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02b.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116385332312
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Pancake

Your log looks fine now.

vanII

Even though the log looks fine, I still have error message and when I close internet explorer it closes and another blank window, "Blank Page-windows Internet Explorer" is left and doesn't close. That's when the "Internet Explorer has encountered a problem" error message window pops up. Doesn't that mean that there's still a spyware thing going on?
Van II

Member Panel

Sponsors and Ads

Noticeboard