TechSpot

Logs Attached, Don't think I'm debugged Yet.

By Diamondente
Nov 17, 2007
  1. Antirootkit scan came back clean..Nothing found.

    Other logs attached. Please advise where to go from here. Thank you for your help.

    I have followed all the preliminary steps, which brings me here to attach my logs. Thank you.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Not so.

    All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

    Also, you have attached a VBG.txt log, which isn't requested, and you haven't attached a Combofix log, which is requested.

    Please post the requested log files.

    Regards Howard :wave: :wave:

    This thread is for the use of Diamondente only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Diamondente

    Diamondente TS Rookie Topic Starter

    Thank you.

    I don't know why I uploaded the wrong log. I had the combofix.txt file sitting on my desktop. I ran it again anyway.

    AVG to follow in a few hours. However, when I look at it, it IS set to quarantine... because I had followed those instructions. I didn't follow 17 steps and take all day to do them incorrectly :haha:
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:



    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

     
  5. Diamondente

    Diamondente TS Rookie Topic Starter

    Howard:

    I will do that as soon as AVG is done running again. Then I will post all 3 logs together... new Combofix, fresh HJT and the AVG. :)

    Thank you for your help.

    Here are the new, correct logs :)

    Combofix re-ran with the text you gave me...it went through many many more 'stages' than it did originally.

    Thank you for your help.

    oops. Uploading HJT in .txt format.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Delete all files in AVG Antispyware quarantine.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - Global Startup: AutorunsDisabled

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab

    O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Download_Helper/fsloader_v3.cab

    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab

    O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49/haunted/haunted.cab

    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab

    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab

    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab

    O16 - DPF: {F5692A44-3746-4CAE-BAEB-10FB33E38DD4} (VMSwitcher Class) - http://www.seeyouagainsoftware.com/shared/cands.cab

    O20 - AppInit_DLLs: c:\windows\system32\ddccded.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders(if there).

    c:\windows\system32\ddccded.dll
    C:\qoobox

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Diamondente only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
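
    The fix list in the post above mixes several kinds of HijackThis entry. As an added example (not part of the original thread, and not code from HijackThis or ComboFix), this Python sketch parses such lines and flags the structural indicators visible in that list: entries whose file is gone, an AppInit_DLLs value, and an ActiveX entry with no download source. The reason labels and function names are assumptions made for this illustration.

```python
import re

# Section codes as they appear in the HijackThis entries quoted in this thread.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "startup entry",
            "O9": "IE extra button/menu item", "O16": "ActiveX control (DPF)",
            "O20": "AppInit_DLLs / Winlogon Notify"}

ENTRY = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s*(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one log line into section code, entry kind, CLSID and remainder."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    return {"code": code, "section": SECTIONS.get(code, "unknown"), "kind": kind.strip(),
            "rest": rest.strip(), "clsid": clsid.group(0) if clsid else None}

def triage(entry):
    """Return the structural reasons an entry deserves a second look."""
    reasons = []
    if "(no file)" in entry["rest"] or "(file missing)" in entry["rest"]:
        reasons.append("orphaned")      # registry entry outlived its file
    if entry["kind"] == "AppInit_DLLs" and entry["rest"]:
        reasons.append("appinit-dll")   # DLL loaded into every process that loads user32.dll
    if entry["code"] == "O16" and entry["rest"].endswith("-"):
        reasons.append("no-source")     # ActiveX entry with no download URL recorded
    return reasons

def review(log_text):
    """Return (section code, CLSID, reasons) for every flagged line."""
    out = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            out.append((entry["code"], entry["clsid"], reasons))
    return out

# Sample input: five entries copied from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - AppInit_DLLs: c:\windows\system32\ddccded.dll
"""
print(review(SAMPLE))
```

    These checks are structural only: an entry that still has its file and a download URL, such as the Wwlaunch control, passes them and still needs a human decision on whether it is wanted.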
     
  7. Diamondente

    Diamondente TS Rookie Topic Starter

    Thank you. All seemed to go well.

    Attached is new HJT Log.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    We need to temporarily disable Spybot Search & Destroy's tea time, as it may interfere with any fix we are trying to run.

    Disable Spybot's TeaTimer. This is a two step process.
    First:
    - Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    - Choose Exit Spybot S&D Resident
    Second:
    - Open Spybot S&D
    - Click Mode, check Advanced Mode
    - Go To Left Panel, Click Tools, then also in left panel, click Resident
    - If your firewall raises a question, say OK
    - Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    - Use File, Exit to terminate Spybot
    - Reboot your machine for the changes to take effect.

    Now, follow the instructions in my post above and post a fresh HJT log when done.

    Regards Howard :)

     
  9. Diamondente

    Diamondente TS Rookie Topic Starter

    Ok. Trying again :)

    Also, as an aside...Since I followed the 15+ steps yesterday..My spybot S&D doesn't load in the sys tray any longer. Any idea why?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Temporarily uninstall SS&D.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O2 - BHO: (no name) - {53B952FB-47D7-4C22-B7A6-A52364B2B5C3} - (no file)

    O2 - BHO: (no name) - {86457b37-be84-47dc-a1c6-f2618e6870cc} - (no file)

    O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)

    O20 - Winlogon Notify: mscS32 - C:\WINDOWS\

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders(if there).

    C:\WINDOWS\system32\mscS32.dll

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

     
  11. Diamondente

    Diamondente TS Rookie Topic Starter

    Howard:

    The file was actually mscS32.dll.vir. That was all that was there. I deleted it. :eek:

    New HJT log attached.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Go HERE, download and install the latest version of Java.

    Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    Reinstall SS&D.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  13. Diamondente

    Diamondente TS Rookie Topic Starter

    Thank you very much for all your time and attention to this matter.

    It is greatly appreciated :)

    BTW, I am unable to uninstall the instances of Java in Add/Remove programs. There is no add/remove button there. For any programs I've had, there are no remove buttons. They have all disappeared.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Take a look at this and see if it helps with your missing add/remove buttons.

    Regards Howard :)

     
  15. Diamondente

    Diamondente TS Rookie Topic Starter

    Thank you for the response. I tried this, but none of the programs are listed there. (the ones with the missing buttons..)

    Thank you again for your help :) Much appreciated.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Are you saying you have no add/remove programme options in your add remove programmes applet?

    If so, try doing a Windows repair as per this thread HERE.

    Regards Howard :)

     
  17. Diamondente

    Diamondente TS Rookie Topic Starter

    No. I have SOME programs in Add/Remove that have the option of being removed. Other programs (a large majority of them) have no remove/change button at all.

    When I followed the regedit instructions, the programs I need to remove (i.e., old Java) are not there. In fact, the only programs showing in the Regedit list are the programs which DO have the add/remove button in control panel.

    Whew..It sounds more complicated than it is. I hope this made some sense!
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that makes sense.

    If your only problem is the old version of Java, I suggest you just install the latest version and forget about the old version.

    Regards Howard :)

     
  19. Diamondente

    Diamondente TS Rookie Topic Starter

    Ok. Good.
    I installed the newest version per your instructions last night..but was unable to remove the older version(s). Now I don't have to remove them, I won't stress about it any longer.

    Thank you again for all of your assistance!

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.
