1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Microsoft antispyware found 2 problems

Discussion in 'Virus & Other Malware Removal' started by masterchief, Feb 1, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. masterchief

    masterchief Thread Starter

    Joined:
    Jun 6, 2004
    Messages:
    282
    ok the first problem is called about:blank ( browser hijacker ) and it said it is in the internet explorer start page and the threat risk is high.
    i have tried removing it multiple times and it keeps coming back.
    i do not use internet explorer anymore i use mozilla firefox for my default browser.

    if you need a hjt log what windows xp username do u need it from ( i got 3)
    -------------------------------------------------------------------------------
    the 2nd problem is

    i go to system explorers in microsoft anti spyware and i clicked on downloaded active x and it got all these installed active x names and they say they are all safe except this one

    DirectAnimation Java Classes C:\WINDOWS\Java\classes\dajava.cab
     
  2. physician

    physician

    Joined:
    Jul 13, 2004
    Messages:
    1,421

    You got a bad bug if you have the about:blank bug. Download, install, update and run ADaware SE from my sig. Select all it finds and delete it. Then download and install Spybot. Turn on teatimer. Install, update, immunize and then search and destroy. Let it fix all it finds. Then download and install into its own folder the hijack this below (current version). Run a scan, save it, copy and paste the saved file back here on this thread. One of the gurus will take a look and help you clean this - its a really bad one...doc
     
  3. Linkmaster

    Linkmaster

    Joined:
    Aug 11, 2001
    Messages:
    2,872
    Just to ad to physician's suggestions, Download About:Buster from here : http://tools.zerosrealm.com/AboutBuster.zip, unzip to a file and run. OK , Start, OK again to close Explorer. It will want to run twice, let it.
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    Definitely make use of:

    Ad-Aware SE Personal 1.05

    Spybot - Search & Destroy 1.3

    HijackThis 1.99.0
    (y)

    Personally, I question how well Microsoft's malicious removal tool really works. :rolleyes:
     
  5. physician

    physician

    Joined:
    Jul 13, 2004
    Messages:
    1,421
    flavallee
    i forgot about that malicious tool that windows came out with. He might try that - he used the antispyware tool which targets the same things as adaware and spybot. this would be a good test for that microsoft product.

    http://www.microsoft.com/security/malwareremove/default.mspx

    hey chief, run this app from microsoft and see if it gets that trojan before trying anything else - this will let us know if Microsoft has done their homework. Let us know - in fact then you can download and post your hijack this log after doing this...doc
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    Once it's installed and runs, its MRT.EXE file may disappear. Too find out what it did, open the MRT.LOG file in Notepad.
     
  7. masterchief

    masterchief Thread Starter

    Joined:
    Jun 6, 2004
    Messages:
    282
    ok i ran both tests and they both found nothing ( microsoft tool, about buster) but i could not run the ms test in the browser for some reason so i had to download it but when i ran the test it said it found nothing but it also said there were errors in the test
     
  8. masterchief

    masterchief Thread Starter

    Joined:
    Jun 6, 2004
    Messages:
    282
    ok here are my hjt logs for all of my usernames in windows xp they are divided by those lines if i have to remove something tell me what number it is in

    -----------------------------------------------------------------------------
    Logfile of HijackThis v1.99.0
    Scan saved at 4:35:28 PM, on 2/2/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    ---------------------------------------------------------------------------------

    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\hijack this\HijackThis.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    ----------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.0
    Scan saved at 4:39:42 PM, on 2/2/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  9. masterchief

    masterchief Thread Starter

    Joined:
    Jun 6, 2004
    Messages:
    282
    anyone there
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    It can be difficult enough dealing with and fixing one log, and you want us to deal with three of them? :eek:
     
  11. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
    Your logs look clean

    If you do not have an antivirus program installed go here and get AVG 7 and install it

    http://forums.techguy.org/t110854.html

    Sorry I see you have Kaspersky but it is not opening on startup .

    Go to Windows Updates and download all critical updates except SP2
     
  12. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,782
    First Name:
    Frank
    You've also got a few unnecessary programs that don't need to be running in the background - consuming system resources and dragging down performance.
     
  13. Dust Sailor

    Dust Sailor

    Joined:
    Mar 17, 2004
    Messages:
    2,735
  14. masterchief

    masterchief Thread Starter

    Joined:
    Jun 6, 2004
    Messages:
    282
    i went to the site but did not know what to use
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/325708

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice