Please check my HijackThis log ! (PART 2)

  curlylad 21:40 05 May 05
Locked

As the name suggests this is a follow-on post from this earlier one: click here

PLEASE, MORE HELP!
OK, update: turned the PC on 5 days ago and couldn't get onto the Internet; checked all my internet settings and they had all been deleted; tried a system restore but none of my restore points would work; re-entered all my Internet settings but still can't get on the net; device manager shows no devices, completely empty; address book has been wiped clean; even the task bar at the bottom of the screen has gone from blue with a green start button to being cream with a square-edged start button.
I can get into BIOS, and I can get into safe mode. At the moment I have salvaged an old Win98SE with a 56k dial-up modem to get onto here but the settings are all messed up so I don't know how long it will hold up, maybe an hour, maybe a week, so if anyone can help please, I am now DESPERATE.

So VoG, Nellie2, if you're out there I could do with some help. Yours hopefully, curlylad!

  VoG II 21:42 05 May 05

Can you post another HJT log please? I'm not sure if this is a spyware issue but we ought to at least eliminate that possibility.

  p;3 22:10 05 May 05

Can you remember what you did to get it originally "uninfected"?

And am following :)

What can you run on it?

  curlylad 23:02 05 May 05

Some more info for you. If I try to set up an internet connection using the wizard I get "my settings should be already configured". If I click use the CD from my ISP, I get ERROR 711. I then try to find out what that error means by going into Help and Support but it says to access Help and Support I must start the service Help and Support. How do I do this?
If I click the Tiscali icon on the desktop I get Tiscali Dialler Error.

Also can someone please tell me exactly how my settings should be configured in msconfig? They don't look right to me so I need a tab-by-tab explanation as to how to set them, i.e. what should be ticked and what shouldn't be ticked on each tab, please.
And of course any and all other suggestions gratefully received!

VoG - The only way I can post a HJT log is if I copy it to Notepad and then load it onto a floppy, then put the floppy into this machine and see if it works. Remember the XP machine is mucked up and can't access the internet; this basic PC I am using has only an A: drive and a CD-ROM drive.

p;3 - Glad you're still on board, mate, and I am sure by hook or by crook we will solve this. Yes, I have been through how we solved the original infection again but nothing doing; I believe that we have gotten rid of the infection but we are left with a bunch of messed up settings as a remainder and a reminder.

I am now sure that I just need to reconfigure a load of settings to do with my internet connections first; if I can then get onto the Internet with it, it will be much easier to post logs and reply much quicker. So what's next?

  curlylad 23:09 05 May 05

Part 1

Logfile of HijackThis v1.99.1
Scan saved at 23:01:39, on 05/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian Sorahan\Desktop\HijackThis.exe

  VoG II 23:10 05 May 05

Some off-forum consultation has taken place (we've had a cyberchat) and my interpretation is that you need to repair Windows click here and report back please.

  curlylad 23:12 05 May 05

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [ICC2000] 1
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

  curlylad 23:14 05 May 05

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - click here
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - click here
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - click here
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - click here
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - click here
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - click here
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - click here
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - click here
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} - click here
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - click here
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - click here
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - click here
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - click here
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - click here
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - click here
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - click here
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - click here
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - click here
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - click here
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - click here
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - click here
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - click here
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

VoG - I noticed your link in between my HJT log and will give it a go whilst you have a gander at it!

  woodchip 23:43 05 May 05

First, it's not going to help running Kaspersky and AVG; you need to remove one or the other. You could also run SFC /SCANNOW with the XP CD in the computer, then see what it looks like after.

  curlylad 23:50 05 May 05

OK, I started to follow your link, then it all went pear-shaped as it said the CD I had in the drive was a different O/S. I then realised the XP disc I have is XP Pro.

I will have to wait until tomorrow now. I will then purchase an XP Home CD and start your suggestion again. Many thanks again for sticking with me on this one and I will be back online about midday tomorrow (Friday).

Before that though, did you have a chance to look at my HJT log and if so is it looking OK?
Also earlier you said you had a cyber chat and an off-forum consultation; come on, spill the beans, who's in the corner there with you fighting for me? I feel honoured that little old me is the conversation piece, well my PC is anyhow! If you can't divulge who it is then I respect that but give them my thanks for their input anyway!

  curlylad 22:17 06 May 05

Firstly, I am now back up and running and no problems so far. I had to install Win XP Pro instead of XP Home as I only had the XP Pro CD-ROM. I found out that repairing Windows would have worked but it kept saying when I tried to do this that NTLDR is missing; this is a program loaded from the hard drive boot sector that helps Windows NT load, and this message is also I believe a message you get when you have a seriously damaged or corrupted O/S. So instead we upgraded from Win XP Home to Win XP Pro and Bob's your uncle.

For those of you that have helped me with this then many, many thanks, especially VoG™, Nellie2 and p;3 to name a few. Those of you that wanted to have a summary of how we got rid of the virus that originally caused this, then give me a couple of days to get myself sorted again and I will prepare a document and send it to you; you know who you are. The only problem with this virus was that the only way to get rid of it was to remove 'stuff' that damaged beyond repair my O/S and caused me to reload an O/S, which pretty much is a jolly bad show, but all's well etc etc.

This thread is now locked and can not be replied to.