No Broadband Connection Popup,

by Cowboybooter » June 20th, 2005, 5:38 pm

On Behalf of someone else, Spybot and MS AntiSpy Run,

Logfile of HijackThis v1.99.1
Scan saved at 6:13:37 PM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1115432056890
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - http://www.ofoto.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pr...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanx in advance!

:)

Bob
Cowboybooter
Regular Member
 
Posts: 21
Joined: February 11th, 2005, 7:31 pm
Location: Leafy Surrey, UK

Re: No Broadband Connection Popup,

by Perculator » June 21st, 2005, 8:33 am

Start HijackThis and put a check at the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

The following line also, if not set by you as start page:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

Click Fix Checked

Restart your computer

Now run

Panda virus check and save the log it makes.

Restart your computer

Run HijackThis
and place a fresh log on this board, together with the outcome of the Panda log.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

by Cowboybooter » June 21st, 2005, 5:14 pm

Many thanx, Perculator!!

I'll have that happen and post results!

:)

Bob

by Cowboybooter » June 21st, 2005, 5:19 pm

Resulting logs, Panda first then HJT!

Many Thanx in Advance!

Incident Status Location

Adware:Adware/WinTools No disinfected C:\Documents and Settings\Lori\Local Settings\Temp\temp.cab[IExploreSkins.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Lori\Local Settings\Temp\temp.cab[toolbar.dll]
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Lori\Local Settings\Temp\U2.tmp
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\alchem.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\alchem.cab[alchem.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\alchem.cab[alchem.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\alchem.cab[alchem.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\alchem.ini
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\ms1.tmp
Adware:Adware/NetPals No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\ms47.tmp
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\THI3CE8.tmp\twaintec.inf
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\Tvm.upd
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\TvmUpdater.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U1E9B.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U2CE4.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U2EA4.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U3051.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U31E1.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U32E.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U3754.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U38D5.tmp
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Patrick\Local Settings\Temp\U3C0A.tmp
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\mseggo.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msfaol.dll
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msfdje.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msglji.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msiaih.dll
Adware:Adware/SaveNow No disinfected Z:\Program Files\BearShare\Installer\saveinstwm.exe


hijackthis.........................


Logfile of HijackThis v1.99.1
Scan saved at 4:17:35 PM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
Z:\ScreenPrint32.exe
C:\WINDOWS\system32\winlogon.exe
X:\Find-a-Drug\think.exe
X:\Find-a-Drug\server.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [ScreenPrint32] Z:\\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1115432056890
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - http://www.ofoto.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {776706AE-CACA-4EA3-93DF-BB83D9259DA9} - http://supportservices.msn.com/us/oeconfig/MailCfg.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pr...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


:)

Bob

by Perculator » June 22nd, 2005, 12:28 pm

Download and run
The Panda trial

It will now remove everything it finds.

Restart your computer after the scan and place a fresh HijackThis log on this board together with the outcome of the Panda log.

by Cowboybooter » June 22nd, 2005, 4:23 pm

Instructions conveyed!

Thanx for the speedy replies, Perculator!

:)

Bob

by Cowboybooter » June 23rd, 2005, 5:34 pm

Whoa!

'Panda trial' caused big time headaches for afflicted one, including googling for a cure, apparently many have had issues with it! Safe mode boot to run and uninstall it, as it locked him out!

On the bright side, he appears to be connecting seamlessly now!

Thanx thus far, Perculator!

:)

Bob

by NonSuch » July 17th, 2005, 11:49 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed; if you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California