PDA

View Full Version : Hello i have just got a laptop..


Browny
2006-10-30, 14:55
I have just got a new laptop and scanned it with various virus/adware removers including spybot. I keep getting loads of popups all the time and i can not stop them. Here is a Hiijack Report of them.

Logfile of HijackThis v1.99.1
Scan saved at 4:36:47 AM, on 10/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\d2luZG93cyB4cA\command.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\nath fisher\Desktop\avg75free_428a818.exe
C:\DOCUME~1\NATHFI~1\LOCALS~1\Temp\RarSFX0\avgsetup.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\NATHFI~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\Run: [VCS Host] vcshost.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\RunServices: [VCS Host] vcshost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKCU\..\Run: [VCS Host] vcshost.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\mvl2l93o1.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\mvj4l91q1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\d2luZG93cyB4cA\command.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Please help thanks
Browny
2006-10-30, 16:10
Hello please can you help?
pskelley
2006-10-31, 15:33
Welcome to the forum, if you still need help, follow these directions exactly:

Please be aware you should have reviewed and followed these instructions:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288
Use the "Post Reply" to post the information in the instructions.

Bumping your post will have the opposite effect that you want as you will see in the instructions. Keep in mind all are volunteers and most forums are running around five days for a response if you get one at all.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com
http://download.bleepingcomputer.com/sUBs/combofix.exe
* techsupportforum.com
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large You might need to post half in one reply half in another.

Thanks
tashi
2006-11-07, 19:00
Browny? :scratch:
tashi
2006-11-14, 02:21
This topic is closed due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.