maynardvdm Posted February 2, 2008

Hi, I am just starting a new topic in the right section. Randy has already given me most of the answers I need. Just some more things I need to know.

Background: got a PC from someone to repair - had a lot of viruses on it and an old Norton. I thought OK, Norton = crap = uninstall. OK. Did an online scan, found 41 viruses. Installed AVG and it found another 17.

Now: I thought the updates would work but it still can't install them (69 of them). Now someone told me to reinstall Windows. I think this will be best, but the person has programs that can't be deleted. Also, I for some reason thought if I uninstall IE I can reinstall it, but now it has the IE with no add-ons, so I can't use the ActiveX control. I am going to do the other online scans now, and do I turn System Restore off and on after the scans?

Thanks for all the help (sorry for spelling)
Guest Wolfeymole Posted February 2, 2008

Maynard,

It seems to me that you have some serious issues with a person's laptop that you are trying to repair, would you agree? The thing is that you are posting in different forums with regard to different aspects of the next problem that is occurring with this laptop. Instances of which are here: http://extremetechsupport.com/forum/t1718-msconfig-help and here: http://extremetechsupport.com/forum/t1725-temp-clean

I would ask that you stick to this thread from now on please with regard to this laptop issue. I hope that is acceptable.
Seth Posted February 2, 2008

System Restore is turned off then on following the disinfection. This is so the old restore points are cleared, and a new "clean" one installed.

What exactly happens when you try to update?
maynardvdm Posted February 2, 2008

Hi, OK, I turned off System Restore. Ran the scans (Trend Micro and SUPERAntiSpyware). Deleted all the infected files. Turned System Restore on again.

When the little icon in the right corner says updates are ready to be installed, I click on that and choose express install. It goes and says installing updates. A few seconds later it says the following updates failed to install and lists about 60 files. Maybe I should install them one by one.

Thanks
maynardvdm Posted February 2, 2008

> Maynard, I would ask that you stick to this thread from now on please with regard to this laptop issue. I hope that is acceptable.

Sorry about that, I'll keep to this thread.
Guest Wolfeymole Posted February 2, 2008

Thanks mate. Please don't be offended, but when posts are made in other forums with regard to the same issue, members can lose the thread, so to speak.
Seth Posted February 2, 2008

Search for the installation error code in the Windows Update Troubleshooter:

a. Click Start, click All Programs, and then click Windows Update or Microsoft Update.
b. On the Windows Update Web site or on the Microsoft Update Web site, click Review your update history. A window opens that shows all the updates that have been installed or that have failed to install on the computer.
c. In the Status column of this window, locate the update that failed to install, and then click the red X. A new window opens that displays the installation error code.
d. Note the error number. You will have to type or paste the error number in a search box in the next step.

Please post back with the error code.
maynardvdm Posted February 2, 2008

OK, I'll do that now. Also, I noticed in the Windows folder some of the folder names are blue. Is that normal?
RandyL Posted February 3, 2008

I don't know. I have seen it before but didn't know what to make of it. Is there a $ sign or something next to the files? It seems to me AdvancedSetup may have mentioned something about such files. Let's see if he posts about that.

In the meantime we still have to determine if your system is clean, then fix the damage so you can install the Windows Updates. All the techs here will do their best to help in this thread. But based on all your other posts this machine is infected badly with trojans, and the Windows Updates is a classic issue.

It really might be better to do a destructive recovery and reinstall Windows. After backing up everything first, of course. That's up to you, but the time put into it may be more practical. It's your choice as to which direction you choose to go. Backing up everything is a major issue too. The reinstall issues depend on your computer and what disks you may have.

Let us know what you have achieved so far and what options you want to consider.

RandyL
maynardvdm Posted February 3, 2008

Hi, thanks for the reply. So far I've done all the scans I can, including Trend Micro (online), BitDefender (online), AVG (installed) and SUPERAntiSpyware. Seems to me it's just the updates now.

What I am doing now is, I downloaded all the updates one by one, which took forever to do, and now I am installing them one by one. Every one says successful after each installation, but I'll see when I am finished, because I need to restart after each install. Been busy for hours now. I'll post back if this worked.

Thanks again
maynardvdm Posted February 3, 2008

> I don't know. I have seen it before but didn't know what to make of it. Is there a $ sign or something next to the files? It seems to me AdvancedSetup may have mentioned something about such files. Let's see if he posts about that.

Yes, there is a $ in front of the name, and all of the folders look like they say $uninstall_(one of the KB files, which I know are Windows Update files). Maybe I must delete these folders and then try the update. Or not?

Thanks
maynardvdm Posted February 3, 2008

Ahh. Don't worry, I know what they are. Go here
Seth Posted February 3, 2008

Maynard, I'm leaning towards Randy's advice, but if you would prefer a proper disinfection, then please follow these steps:

Download ATF cleaner from here: http://www.atribune.org/content/section/4/30/ When you run it, uncheck Cookies as well as the Recycle bin, then allow ATF to clean.

Download SuperAntiSpyware from http://www.superantispyware.com. Run the program, update it (very important), then proceed with a COMPLETE Scan. After the reboot open SAS and go to Preferences>Logs. Please copy and paste the SAS log back here.

Now download the HijackThis installer from here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download Run the program and click Scan Only. Don't make any changes. Copy and paste that log here as well.

Also, what version of IE are you using?
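Added example (not part of the original thread, and not code from HijackThis or Trend Micro): a HijackThis "Scan Only" log like the one requested above is plain text with one entry per line, each starting with a section code such as R3, O2 or O23, so a first-pass review can be scripted. The sample log is constructed with placeholder CLSIDs and paths, and the three review rules are this example's own heuristics.

```python
import re
from collections import namedtuple

# Constructed sample in the HijackThis v2 line format. CLSIDs, names and
# paths are placeholders, not values taken from a real machine.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleReader\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\qzxvkrtp.dll (file missing)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000003} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\WINDOWS\system32\exampletray.exe
O23 - Service: Example DB Guardian (ExampleGuardian) - Unknown owner - C:\Program Files\ExampleDB\bin\guard.exe (file missing)
--
End of file - 1234 bytes
"""

# Labels for the section codes this example recognises (a subset).
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O9": "extra IE button or Tools menu item",
    "O16": "downloaded ActiveX control",
    "O18": "extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "section body")
Finding = namedtuple("Finding", "section label clsid reasons body")


def parse_entries(log_text):
    """Return the registry/autostart entries, skipping the header,
    the running-process list and the end-of-file footer."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review(entry):
    """Apply the example's heuristics; a hit means 'look at this by hand',
    not 'this is malware'."""
    reasons = []
    body = entry.body
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("orphaned: registry entry points at a file that is not on disk")
    if entry.section in ("R3", "O2", "O3") and "(no name)" in body:
        reasons.append("unnamed browser component")
    if entry.section == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary carries no vendor information")
    return reasons


def triage(log_text):
    """Return a Finding for every entry that matched at least one rule."""
    findings = []
    for entry in parse_entries(log_text):
        reasons = review(entry)
        if reasons:
            clsid = CLSID_RE.search(entry.body)
            findings.append(Finding(
                entry.section,
                SECTIONS.get(entry.section, "other"),
                clsid.group(0) if clsid else None,
                reasons,
                entry.body,
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} ({f.label}) {f.clsid or '-'}")
        for reason in f.reasons:
            print(f"    {reason}")
```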
maynardvdm Posted February 4, 2008

Hi here is the first scan log i did with superantispyware:
maynardvdm Posted February 4, 2008

Hi here is the hijackthis log :
RandyL Posted February 4, 2008

Hi maynard;

I don't normally do HijackThis logs. Seth does, so wait for him. Offhand I don't see anything suspicious. Is the machine running better? Did you get all the Windows updates to install?

RandyL
maynardvdm Posted February 4, 2008

No, not yet. I bought a decent antivirus though. BitDefender 2008. I am installing that now. Thanks for all the help so far.
maynardvdm Posted February 4, 2008

Success!!!!! :) Updates installed. All 70 of them.

So first I installed BitDefender and did a complete scan. Twice. Then when it found nothing I did a repair install of Windows. Then went to the update website and it installed all the updates.

Thanks for everyone's help
Seth Posted February 4, 2008

Thanks for the update maynard. The Super log shows infections which are classic examples of Trojan Horses. All of those infections could have been avoided if the owner was made aware of this post: http://extremetechsupport.com/forum/t1533-avoid-malware-infection.