Free Malware Removal Forum

[*zappa]

04/21/07 09:32:18 [Info]: BlackLight Engine 1.0.61 initialized
04/21/07 09:32:18 [Info]: OS: 5.1 build 2600 (Service Pack 1)
04/21/07 09:32:21 [Note]: 7019 4
04/21/07 09:32:21 [Note]: 7005 0
04/21/07 09:32:29 [Note]: 7006 0
04/21/07 09:32:29 [Note]: 7011 1684
04/21/07 09:32:29 [Note]: 7026 0
04/21/07 09:32:30 [Note]: 7026 0
04/21/07 09:32:33 [Note]: FSRAW library version 1.7.1021
04/21/07 10:00:04 [Note]: 7007 0

Can you also tell me if you're still having any problems/questions?

-still slow to wake screensaver
-windows explorer opens in small window, have to hit the max button every time

The first two are minor, what's important are the next 2:

-I would like to install SP2 when ready (problem mentioned my first post)
-I would like to uninstall Trend Micro and install Norton. WhenI tried installing Norton (previous to my contactting you) the computer crashed to a black screen.

Great to hear I don't need to reformat and that we are nearly done!!

Cheers,

John

[John B.]

Hi,

So, after creating INSTALL.LOG, can the bikini twins screensaver be removed? I forgot to ask you last time

Greets, John.

[*zappa]

No I cannot uninstall the screensaver. Still get "invalid install.log file".


thanks

John

[John B.]

Hi,

Step 1: Delete program using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:



5. Click on Bikini Twins Screen Saver and then press Delete this entry.
6. Now close HijackThis.

Step 2: Delete bad files and folders
Use Explorer to navigate to and delete the following files and folders (if present):

Files:
c:\WINDOWS\mgsSetp.exe

c:\WINDOWS\system32\Bikini Twins.scr

Folders:
c:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR

c:\WINDOWS\unbik6

Now just exit Explorer.

Step 3: Select another screensaver
Please select another screensaver now if you still had the twins.

-still slow to wake screensaver

Don't really understand what you mean with this. Please explain if you still have problems with it.

-windows explorer opens in small window, have to hit the max button every time

I tried it on my own computer and mine also opens in a small window. I think it's normal...

-I would like to install SP2 when ready (problem mentioned my first post)
-I would like to uninstall Trend Micro and install Norton. WhenI tried installing Norton (previous to my contactting you) the computer crashed to a black screen.

If you have no more problems you can go ahead with those and see if it works out

Greets, John.

[*zappa]

Two typos on my last posting. I should have written "slow to wake from screensaver". Meaning when the screen saver is running and I move the mouse or hit the space bar, it takes a very long time to see the desk top. I'm not using bikini screen saver, I'm using Windows Aquarium.

I meant to say Internt Explorer opens in small window, not Windows Explorer.

These are two minor details to me, I just included them in case they might help you in diagosing the problems.

I removed bikini twins screen saver using HJT per your instructions. GOOD BYE TWINS! Finally.

I could not find C:|windows\msgsetp.exe, either in windows explorer or by using "search".

Found and deleted C:\windows\system32\Bikini Twins.scr

Could not find c:\program files\MyGlobalSearch\bar\1.bin\M6FFXTBR.JAR

Removed c:\windows\unbik6

I then tried to install SP2, and part way through it stopped instalation and I received this message:


"Install Service Pack 2
Set up error
Failed to install catalog files
Select OK to undo the chanes that have been made"

I selected OK and received this message:

"Service Pack 2 instalation dod not complete. Windows XP has been partially updated and my not work properly."

I selected OK and the installation process stopped, but the computer seems to still be working OK. I rebooted to see if it would still work, and it does.

PROGRESS! before you started helping me, installing SP2 caused a blue screen crash. Thank You!

Here is a new HJT log.

Cheers
John


Logfile of HijackThis v1.99.1
Scan saved at 4:02:14 PM, on 4/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\HJThis\search.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winpatrol.com/cgi-bin/plusin ... oc=en&ext=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WinPatrol Explorer] "C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol PLUS] C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5581223125
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/Wsc ... erCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/in ... ction3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

[/quote]

[*zappa]

I forgot to mention that I tried to install SP2 a second time with the firewall, antivirus and anti-mallware programs disabled. Same results as first time.

Also I have not tried to install Norton, thought I should wait untill the other problems are resolved.

thanks again

John

[John B.]

Hi,

If you want IE to open in a big window right click on the icon, go to properties and then choose to let it open maximized or something like that. Apply it and click OK.

Please delete this folder (if present):
c:\program files\MyGlobalSearch

I then tried to install SP2, and part way through it stopped instalation and I received this message:

"Install Service Pack 2
Set up error
Failed to install catalog files
Select OK to undo the chanes that have been made"

I selected OK and received this message:

"Service Pack 2 instalation dod not complete. Windows XP has been partially updated and my not work properly."

I selected OK and the installation process stopped, but the computer seems to still be working OK. I rebooted to see if it would still work, and it does.

As this is a computer troubleshooting issue, not a malware issue, I suggest you use the following link to go to the CastleCops Windows NT/2000/2003/XP forum for help from a CastleCops SRT...

http://www.castlecops.com/f134-Windows_ ... 03_XP.html

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic. There is no way for CCSP to notify "guests" when they have received a reply.

There's also a forum for Norton Anti-Virus if you still need help with that afterwards:
http://www.castlecops.com/f80-Norton_Anti_Virus.html

Here are some malware related things for you to do:

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  Turn off System Restore.
  On the Desktop, right-click My Computer
  Click Properties
  Click the System Restore tab
  Check Turn off System Restore
  Click Apply, and then click OK
  
  Reboot.
  
  Turn on System Restore.
  On the Desktop, right-click My Computer
  Click Properties
  Click the System Restore tab
  Uncheck Turn off System Restore
  Click Apply, and then click OK
  NOTE: only do this ONCE, NOT on a regular basis!
  
• Re hide your system files. To do so, please follow the steps below:
  
  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Put a check by "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Do not show hidden files and folders."
  • Check "Hide protected operating system files."
  • Click Apply, and then click OK.
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  
• Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
• Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
  Instructions for - Spybot S & D and Ad-aware
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
  Computer Safety on line - Anti-Malware
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you have to be registered to post after registering just find your country room and register your complaint.
The infection you had was AWF (can go to the topic for unlisted infections).

>> Here << you can see how you can help us.

May your God go with you..

John.

[*zappa]

Took a while to get back to you, sorry. I'm glad to here that the computer is free of malware. But I still cannot load SP2. I understand that there are several issues with SP2 and XP Media Player, and I seem to have them all. I've been to the forum you recomended, followed several threads and checked with other forums also. I'm now in touch with Microsoft. I've backed up all of the important stuff so that if they cannot resolve the problem, I will rebuild from scratch. Thanks again for your help. I did not want to back up to my external HD until I knew that I was bug free, and now I can.

Cheers
John

[NonSuch]

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.