Tech Support Guy Forums: Malware Removal & HijackThis Logs
Red Danger virus
#1 - Marine61 - 30-Mar-2008, 09:47 PM
The red danger has hijacked my computer. Can anyone help me with this annoying problem? Thanks. Tom
#2 - km2357 - 31-Mar-2008, 01:20 AM
Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Step # 1: Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Copy/paste the log into your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Step # 2: Make an uninstall list using HijackThis
To access the Uninstall Manager, do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that window into your next reply.
__________________
Honors Graduate of Malware Removal University - You too could train to help others.
#3 - Marine61 - 31-Mar-2008, 07:31 PM
Thanks for your help. The Red Danger screen is gone after running Super antivirus but I still have a white screen with the icons that won't let me install my wallpaper. My HijackThis logfile is attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:32 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemErrorFixer] C:\Program Files\SystemErrorFixer\SysRep.exe
O4 - HKLM\..\Run: [cwriter] C:\Program Files\SystemErrorFixer\ucookw.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U54Z65M5\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uubxfuzx] C:\WINDOWS\system32\tajcvyjk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ServiceKernel - {b9fd27bd-db41-4e28-8c7b-2b5264f60333} - C:\WINDOWS\Installer\{b9fd27bd-db41-4e28-8c7b-2b5264f60333}\ServiceKernel.dll (file missing)
O21 - SSODL: VolumeDrv - {c57c60ce-6189-425f-b02e-40c708a3d474} - C:\WINDOWS\Installer\{c57c60ce-6189-425f-b02e-40c708a3d474}\VolumeDrv.dll (file missing)
O21 - SSODL: WinUnknown - {0f6491d5-e82e-4a2b-ba96-32cdf7dc9011} - C:\WINDOWS\Installer\{0f6491d5-e82e-4a2b-ba96-32cdf7dc9011}\WinUnknown.dll (file missing)
O21 - SSODL: DriveRam - {4af4c047-e7ab-4db9-b416-cbf63d160d13} - C:\WINDOWS\Installer\{4af4c047-e7ab-4db9-b416-cbf63d160d13}\DriveRam.dll (file missing)
O21 - SSODL: VolumeSrv - {0c55ad9b-a0f0-465a-85bd-2685246a7e5f} - C:\WINDOWS\Installer\{0c55ad9b-a0f0-465a-85bd-2685246a7e5f}\VolumeSrv.dll (file missing)
O21 - SSODL: BootSrv - {5cb8c0f2-2438-4d3c-bb08-3b60b43e2868} - C:\WINDOWS\Installer\{5cb8c0f2-2438-4d3c-bb08-3b60b43e2868}\BootSrv.dll (file missing)
O21 - SSODL: vbgtorfd - {99FD6FB9-45AA-48EF-80B3-5B32830DF61F} - C:\WINDOWS\vbgtorfd.dll (file missing)
O21 - SSODL: dwnrpofk - {1A3BC06A-800C-48B5-93AC-C2F104D971D1} - C:\WINDOWS\dwnrpofk.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4958 bytes
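A triage pass over the kind of entries shown in the log above, as an added example that is not part of this thread and not code from HijackThis or Trend Micro. It parses HijackThis-format lines and scores each autostart or shell entry on the indicators a log reader checks first: a file that is missing on disk, an executable launched from the browser cache or a temp folder, URLs passed on the command line, machine-generated names like tajcvyjk, shell objects loaded from C:\WINDOWS\Installer, an unnamed BHO, and an Active Desktop component that points at a local page. The sample lines are a constructed subset modelled on the log, and the name-entropy thresholds are assumptions chosen for the example; the heuristics rank what to look at first and will misfire on some legitimate entries, so they are not a list of things to delete.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in HijackThis 2.x log format, modelled on the entries in
# the log above (assumption: a hand-picked subset, not the poster's full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U54Z65M5\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com
O4 - HKCU\..\Run: [uubxfuzx] C:\WINDOWS\system32\tajcvyjk.exe
O21 - SSODL: BootSrv - {5cb8c0f2-2438-4d3c-bb08-3b60b43e2868} - C:\WINDOWS\Installer\{5cb8c0f2-2438-4d3c-bb08-3b60b43e2868}\BootSrv.dll (file missing)
O21 - SSODL: vbgtorfd - {99FD6FB9-45AA-48EF-80B3-5B32830DF61F} - C:\WINDOWS\vbgtorfd.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Indicator labels. The thresholds used below are assumptions for this example.
R_MISSING = "file missing on disk (orphaned entry)"
R_TEMP = "executable runs from browser cache or a temp folder"
R_URL = "command line carries URL arguments"
R_RANDOM = "random-looking value or file name"
R_SSODL_INSTALLER = "shell object DLL under C:\\WINDOWS\\Installer"
R_ACTIVE_DESKTOP = "Active Desktop component points at a local or remote page"
R_NONAME_BHO = "unnamed browser helper object"

ENTRY_RE = re.compile(r"^(?P<code>O\d+|R\d) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SSODL_RE = re.compile(r"^SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
VOWELS, RARE = set("aeiou"), set("jkqvxz")


class Finding(NamedTuple):
    entry: str
    reasons: Tuple[str, ...]


def looks_random(name: str) -> bool:
    """Machine-generated names such as 'tajcvyjk': all lowercase letters,
    six or more long, with very few vowels or several rare letters."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio < 0.25 or sum(c in RARE for c in name) >= 2


def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def base_name(path: str) -> str:
    """'C:\\dir\\tajcvyjk.exe' -> 'tajcvyjk'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rpartition(".")[0] or name


def triage(log_text: str) -> List[Finding]:
    """Score every O/R line; entries with no indicator are dropped and the
    rest come back with the most indicators first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # running-process list, headers, blank lines
        code, body, low = m.group("code"), m.group("body"), line.lower()
        reasons = []
        if "(file missing)" in low or "(no file)" in low:
            reasons.append(R_MISSING)
        if code == "O4":
            run = RUN_RE.match(body)
            if run:
                path = exe_path(run.group("cmd"))
                if "temporary internet files" in path.lower() or "\\temp\\" in path.lower():
                    reasons.append(R_TEMP)
                if re.search(r"https?://", run.group("cmd"), re.IGNORECASE):
                    reasons.append(R_URL)
                if looks_random(run.group("name")) or looks_random(base_name(path)):
                    reasons.append(R_RANDOM)
        elif code == "O21":
            ss = SSODL_RE.match(body)
            if ss and "\\windows\\installer\\" in ss.group("path").lower():
                reasons.append(R_SSODL_INSTALLER)
            if ss and looks_random(ss.group("name")):
                reasons.append(R_RANDOM)
        elif code == "O24" and re.search(r"(?:file|https?)://", body, re.IGNORECASE):
            reasons.append(R_ACTIVE_DESKTOP)
        elif code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append(R_NONAME_BHO)
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{len(f.reasons)}] {f.entry}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The igfxtray entry drops out with no indicators, while the Run value with the random name, the installer launched from Temporary Internet Files, the strpmon command carrying its own callback URLs, the orphaned SSODL and BHO entries, and the Active Desktop component all surface, which matches what the helper later has ComboFix remove.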
#4 - Marine61 - 31-Mar-2008, 07:38 PM
Here's my uninstall list.

Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Advanced Registry Optimizer
Driver Genius Professional Edition 2007
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 12.4.38.0
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Microsoft Visual C++ 2005 Redistributable
RegCure 1.5.0.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
#5 - km2357 - 31-Mar-2008, 08:22 PM
Your Uninstall List looks really short. Did it get cut off? Was there anything in the list below SUPERAntiSpyware Free Edition? If so, please post the rest of the Uninstall List in your next post.


Step # 1: Disable Teatimer

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (it shows a red/white shield).
  • If your firewall raises a question, say OK.
  • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active.
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Step # 2: Download and Run ComboFix

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Be sure to save ComboFix.exe to your Desktop

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
#6 - Marine61 - 02-Apr-2008, 01:16 PM
ComboFix report + uninstall file
ComboFix 08-04-01.2 - Owner 2008-04-02 9:07:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.352 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\{0c55ad9b-a0f0-465a-85bd-2685246a7e5f}\VolumeSrv.dll
C:\WINDOWS\Installer\{0f6491d5-e82e-4a2b-ba96-32cdf7dc9011}\WinUnknown.dll
C:\WINDOWS\Installer\{4af4c047-e7ab-4db9-b416-cbf63d160d13}\DriveRam.dll
C:\WINDOWS\Installer\{5cb8c0f2-2438-4d3c-bb08-3b60b43e2868}\BootSrv.dll
C:\WINDOWS\Installer\{b9fd27bd-db41-4e28-8c7b-2b5264f60333}\ServiceKernel.dll
C:\WINDOWS\Installer\{c57c60ce-6189-425f-b02e-40c708a3d474}\VolumeDrv.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-03-31 18:42 . 2008-03-31 18:42 <DIR> d-------- C:\Program Files\Support Tools
2008-03-31 18:14 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-31 18:14 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-31 15:24 . 2008-03-31 15:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 20:17 . 2008-03-30 20:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-30 20:16 . 2008-03-30 20:27 <DIR> d-------- C:\SDFix
2008-03-30 18:59 . 2008-03-30 18:59 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\systemerrorfixer
2008-03-30 18:58 . 2005-09-20 09:31 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-30 18:57 . 2008-03-30 18:57 13,690 --a------ C:\WINDOWS\system32\wpa.bak
2008-03-30 18:52 . 2006-02-28 04:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-30 18:51 . 2006-02-28 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-30 18:50 . 2004-05-12 23:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-03-30 18:49 . 2008-03-30 18:49 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-30 18:49 . 2008-03-30 18:49 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-30 18:49 . 2008-03-30 18:49 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-30 18:49 . 2008-03-30 18:49 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-30 18:49 . 2008-03-30 18:49 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-25 22:14 . 2008-03-25 22:14 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-23 22:31 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-23 21:17 . 2008-03-23 21:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sammsoft
2008-03-23 21:16 . 2008-03-23 21:17 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-03-23 20:29 . 2008-03-23 20:29 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-23 19:48 . 2008-03-23 20:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-23 19:48 . 2008-03-23 19:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 19:48 . 2008-03-23 19:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-03-23 19:48 . 2008-03-23 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-23 18:13 . 2008-03-23 18:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 18:13 . 2008-03-23 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-23 12:16 . 2006-03-16 16:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2008-03-23 12:13 . 2008-03-23 12:15 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-23 11:08 . 2008-03-25 22:14 <DIR> d-------- C:\Program Files\Symantec
2008-03-23 11:08 . 2008-03-25 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-23 10:58 . 2008-03-25 22:38 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-23 10:39 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-23 10:39 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-23 10:39 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-23 10:39 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-23 10:39 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-23 10:30 . 2008-03-23 10:30 <DIR> d-------- C:\Program Files\Google
2008-03-23 10:30 . 2008-03-25 21:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 09:39 . 2008-03-23 09:39 <DIR> d-------- C:\Program Files\RegCure
2008-03-22 22:11 . 2008-03-30 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zshgtgru
2008-03-22 21:16 . 2008-03-22 21:16 <DIR> d-------- C:\Program Files\Intel
2008-03-22 21:16 . 2007-12-20 01:43 248,448 --a------ C:\WINDOWS\system32\PROUnstl.exe
2008-03-22 21:16 . 2006-01-12 14:52 1,904 --a------ C:\WINDOWS\system32\SetupBD.din
2008-03-22 21:03 . 2008-03-22 21:03 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-22 21:00 . 2007-11-16 10:55 165,496 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-03-22 20:55 . 2008-03-22 20:55 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-03-21 20:30 . 2008-03-21 20:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 20:30 . 2008-03-21 20:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-21 20:29 . 2008-03-21 20:29 <DIR> d-------- C:\WINDOWS\Cache
2008-03-21 20:22 . 2005-02-22 15:53 221,184 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-03-21 20:22 . 2005-03-16 19:09 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-03-21 20:22 . 2004-10-22 13:42 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-03-21 20:02 . 2008-03-21 20:36 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 20:01 . 2008-03-21 20:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 03:51 --------- d-----w C:\Program Files\Driver-Soft
2008-03-22 03:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-05 03:41 176,128 ----a-w C:\WINDOWS\system32\Ncs2Setp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-23 10:30 171448]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"AROReminder"="" []
"uubxfuzx"="C:\WINDOWS\system32\tajcvyjk.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemErrorFixer"="C:\Program Files\SystemErrorFixer\SysRep.exe" [ ]
"cwriter"="C:\Program Files\SystemErrorFixer\ucookw.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 16:44:17 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-23 17:40:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 09:08:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-02 9:09:13
ComboFix-quarantined-files.txt 2008-04-02 17:08:58
Pre-Run: 33,317,597,184 bytes free
Post-Run: 33,316,691,968 bytes free
.
2008-04-02 05:02:44 --- E O F ---

Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Advanced Registry Optimizer
Driver Genius Professional Edition 2007
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 12.4.38.0
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Microsoft Visual C++ 2005 Redistributable
RegCure 1.5.0.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Support Tools
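The "Reg Loading Points" section of the ComboFix report above is written in REGEDIT4 syntax with ComboFix's own bracketed suffix after each string value: the file's timestamp and size when the file exists, empty brackets when it could not be found. The following is an added example, not ComboFix's code and not part of this thread, that parses that section and reports the two findings in this report worth acting on: Security Center override values set to 1 (AntiVirusOverride=1 suppresses the missing-antivirus warning on XP SP2) and Run values whose target is empty or no longer on disk. The sample text is a constructed subset of the report; the FirewallOverride line is not in the original and is added only to show the zero case.

```python
import re
from typing import Dict, List, Tuple

# Constructed subset of the "Reg Loading Points" section above. Assumption:
# the FirewallOverride line is not in the original report; it shows the zero case.
SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-23 10:30 171448]
"AROReminder"="" []
"uubxfuzx"="C:\WINDOWS\system32\tajcvyjk.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemErrorFixer"="C:\Program Files\SystemErrorFixer\SysRep.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
"""

R_OVERRIDE = "Security Center override set: warning suppressed"
R_NOFILE = "autostart target not found on disk by ComboFix"
R_EMPTY = "autostart value with an empty command"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
# String data: "path" followed by ComboFix's optional [timestamp size] suffix.
STR_RE = re.compile(r'^"(?P<path>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")


def parse_loading_points(text: str) -> Dict[str, Dict[str, Tuple]]:
    """Parse REGEDIT4-style key headers and values into
    {key: {name: ("str", path, meta) | ("dword", int)}}."""
    parsed: Dict[str, Dict[str, Tuple]] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            parsed.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None:
            continue  # service lines and other non-value text are ignored
        name, data = vm.group("name"), vm.group("data")
        dm = DWORD_RE.match(data)
        if dm:
            parsed[key][name] = ("dword", int(dm.group("hex"), 16))
            continue
        sm = STR_RE.match(data)
        if sm:
            parsed[key][name] = ("str", sm.group("path"), (sm.group("meta") or "").strip())
    return parsed


def audit(parsed: Dict[str, Dict[str, Tuple]]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, reason) for every entry that needs attention."""
    issues = []
    for key, values in parsed.items():
        klow = key.lower()
        for name, val in values.items():
            if (klow.endswith("\\security center") and name.endswith("Override")
                    and val[0] == "dword" and val[1] != 0):
                issues.append((key, name, R_OVERRIDE))
            elif "\\currentversion\\run" in klow and val[0] == "str":
                if val[1] == "":
                    issues.append((key, name, R_EMPTY))
                elif val[2] == "":  # empty brackets: ComboFix found no such file
                    issues.append((key, name, R_NOFILE))
    return issues


if __name__ == "__main__":
    for key, name, reason in audit(parse_loading_points(SAMPLE_REPORT)):
        print(f"{reason}: [{key}] {name}")
```

The override check is the one most often overlooked when reading a ComboFix log by eye: the Run entries get cleaned, but a left-over AntiVirusOverride=1 keeps Security Center quiet about a missing or disabled antivirus long after the rogue is gone.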
#7 - km2357 - 03-Apr-2008, 04:04 PM
Please do the following:
  • Download a diagnostic tool (MGADiag.exe) from the link here and save this to your Desktop.
  • Double-click on MGADiag.exe.
  • When the program has finished, click on the Validation tab and then click on Copy to Clipboard
  • Please post the results in your next reply.
#8 - Marine61 - 03-Apr-2008, 09:56 PM
Hi KM, it appears that the computer returned to normal after the COMBOFIX tool was completed. Thanks for all your help it is much appreciated. Should I still run the last diagnostic tool you recommended?
#9 - km2357 - 03-Apr-2008, 10:23 PM
Yes, please run it and post the results. Thanks.
#10 - Marine61 - 06-Apr-2008, 02:07 AM
Diagnostic Report (1.7.0069.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-2FM82-6C9XR-VHGQ6
Windows Product Key Hash: ty+zuqIWuHzdrJBV6goYvKXVlGg=
Windows Product ID: 76477-008-1070105-21748
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010300.2.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {5BE918DB-E9A2-4E73-930B-AA18AF729408}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2920-80070002_B4D0AA8B-470-80070002_025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5BE918DB-E9A2-4E73-930B-AA18AF729408}</UGUID><Version>1.7.0069.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VHGQ6</PKey><PID>76477-008-1070105-21748</PID><PIDType>5</PIDType><SID>S-1-5-21-839522115-926492609-2147011267</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 3000 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="3"/><Date>20041108000000.000000+000</Date></BIOS><HWID>3A3037E701846052</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults>
#11 - km2357 - 06-Apr-2008, 03:40 PM
Thanks for the log. We've still got some more work to do.

First, I've noticed by looking at your Uninstall List that you have no Windows patches, hotfixes or critical updates installed. Go to Windows Update, download and install all critical updates, reboot your computer once done, and repeat until there are no critical updates left.

It seems you're missing an important part of your operating system. Let's get it reinstalled in case you ever need it.
Nothing is going to change on your computer other than we are going to reinstall the Recovery Console.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Download the file & save it as it is originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
#12 - Marine61 - 07-Apr-2008, 03:17 PM
System recovery
Hi KM, I've installed the Recovery Console, but I did not install Service Pack 2 because, according to the system information folder, it's already installed. Also, it appears that I've lost my volume control. Thanks again for all your help. Tom
#13 - km2357 - 07-Apr-2008, 03:33 PM
I need to see the Recovery Console log that appeared after you installed RC. It's called CF_RC.txt and should be in either C: or C:\ComboFix\

I didn't want you to install Service Pack 2; your HijackThis log shows that you have SP2 installed already. What I wanted was for you to go to Windows Update and download and install any critical patches/updates listed there. There should be a good number of updates there for you to download and install besides Service Pack 2.

In your next post, I need to see the Recovery Console log and a fresh HijackThis log.
#14 - km2357 - 10-Apr-2008, 02:53 PM
Marine61? Do you still need help?
#15 - Marine61 - 16-Apr-2008, 01:01 PM
Searching for cf_rc.txt
Hi KM, Yes I still need help. Sorry for the delay. I'm still looking for cf_rc.txt in my c: directory.
All times are GMT -4.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.