It's been a while, but a friend's PC is having issues with pop-ups, auto-directs, and many other issues. Here is the hijackthis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at...
Type: Posts; User: ghotiacre; Keyword(s):
Okay, I'm back after a delay... Had to install a new PSU in the PC, the fan went out on the old 400W PS, so I installed a nice, new Turbolink 500W one.
:eek:
Okay, CCleaner was a great program...
To answer both questions, yes. That is the version I downloaded and I had to manually remove the old JRE, as it wasn't on add/remove programs.
I was able to get jusched.exe to delete after stopping it in msconfig. Still, I tried the online and offline JRE 6.0 installers and they don't run. The offline version seeks acceptance from...
Also, it appears the version 5 of JRE was still in the Java folder and I can't delete jusched.exe. Everything else has been removed.
Also, I downloaded Java Runtime 6.0 and I double-click the installer and nothing happens...
Also, I can't remove Norton Personal Firewall 2005 from the add/remove programs...
:sick:
One more thing... The only thing I see in add/remove programs is Norton Personal Firewall 2005. I'm not even sure if this is running. I can remove it, but want to make sure there are no residual...
Actually, I think it's good for now. I know the owner does not want Windows reinstalled quite yet until she purchases a new PC. I don't want to risk losing files due to a repair or reinstall. I...
I really just want to restore the registry to its default settings... I don't want to do an all-out windows restore. I've found several helpful things, but I'm not totally sure which way to go...
Okay, I switched the permissions on those specific keys, and I was able to delete all 5.
But, I'm still curious about restoring the default security settings of the registry. If System Restore is...
I think I know why I can't get rid of those though. The problem I had with jscript.dll and vbscript.dll was because I didn't have the proper registry permissions because of a deleted user profile. ...
Yes it does have administrator rights.
And to answer the other question: Yes, I am able to get rid of a few pieces of malware through spybot and AVG A-S, but, they come back...
FunWebProducts
MyWay.MyWebSearch
So it was good to quarantine the DigStream?
Also, yes. I still get a warning about compatibility issues of Spybot and PestPatrol.
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
...
Before I forget, I put Not-A-Virus.Downloader.Win32.DigStream.a in quarantine, is this malware or a virus?
Also, any status with the WinPFind3u log?
If all instances of PestPatrol are removed, why does Spybot still show up with a compatibility warning?
I did an AVG A-S scan in Safe Mode which also could not remove those 4 items... So, I have a dialer and 3 adware's... Regular AVG Scanner only showed up something called NDuninstaller that was...
I got an error when I tried to quarantine:
Dialer.Generic
Adware.180Solutions
Adware.Zango
Adware.NewDotNet
They are associated with Killbox somehow...
And here's the current AVG Anti-Spyware report. Apparently not all of the boxes were checked when I did this in safe mode since monitor resolution was 640x480 and I could not see the options I was...
Oh, here's my current HJT log. Also, any update with that really long log?
Logfile of HijackThis v1.99.1
Scan saved at 9:46:46 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT...
That worked, thank you.
Next... I have 5 instances with 16 cases of baddies showing up on my Spybot:
1800Solutions.SearchAssistant
NewDotNet
Sobit.C
Wild Tangent
Zango
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0
; Results at 1/18/2007 10:33:29 AM for strings:
; 'pestpatrol'
; Strings excluded from...
You're not kidding... It was a lot of fun to copy/paste too... :sick:
Yes, while you're looking into that, I was curious about an annoying thing having to do with Pestpatrol.
I thought I had...
[File String Scan - Non-Microsoft Only]
qoologic , -> %SystemDrive%\ComboFix.txt -> [Ver = | Size = 16688 bytes | Modified Date = 1/6/2007 12:29:30 PM | Attr = ]
Thawte Consulting , ->...
sgsmusb.sys -> %System32%\dllcache\sgsmusb.sys -> Micro Systemation [Ver = 1, 0, 0, 4 | Size = 161568 bytes | Created Date = 1/10/2007 11:50:29 AM | Attr = ]
sis300ip.sys ->...
mxnic.sys -> %System32%\dllcache\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Created Date =...
e1000nt5.sys -> %System32%\dllcache\e1000nt5.sys -> Intel Corporation [Ver = 2.94.294.0 | Size = 50719 bytes | Created Date = 1/10/2007 11:44:27 AM | Attr = ]
e100b325.sys ->...
cwcspud.sys -> %System32%\dllcache\cwcspud.sys -> Crystal Semiconductor Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 111872 bytes | Created Date = 1/10/2007 11:43:46 AM | Attr = ]
cwcwdm.sys...
[Files - Created Wihin 30 days]
delete.bat -> %SystemDrive%\delete.bat -> [Ver = | Size = 106 bytes | Created Date = 1/9/2007 12:22:28 PM | Attr = ]
JSCRIPT.DL_ -> %SystemRoot%\JSCRIPT.DL_ -> ...
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] ->...
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe ->...
Yes, all other services are working; System Restore, Microsoft/Windows Update, User Accounts, System Information, and WMP 11.
Here's the Winpfind3u file:
WinPFind3 logfile created on: 1/17/2007...
Edit: regsvr32 /u vbscript.dll DOES work...
The other 3 do not.
Oddly, running:
regsvr32 /u jscript.dll gives me the error I received before when I did not have permissions to the keys...
...
I did a rollback on WMP, then upgraded to WMP 11 and it works fine now. No ActiveX issues any longer, I guess it was the Media Player that was not allowing videos to run in IE.
Onto the error...
Kaspersky Results:
I'm not able to get them onto the forum... As an attachment, it's 1.5Mb, and the character number is 700,000 approximate characters, and no way to reduce it to 20Kb or post in...
FINALLY! I have succeeded at getting both vbscript.dll and jscript.dll to register. Now, here is the list of problems... :funny:
WMP still opens to "An Internal Error Has Occurred".
...
Okay, that fix didn't work. Still unable to register jscript.dll. I'm thinking that my issue is still in the permissions on the registry. I allowed permissions for all jscript keys and subkeys, as...
I have some good news for a change. vbscript.dll is registering again. I had to go into regedit and change permissions on all bad vbscript.dll keys and subkeys as well as jscript.dll. But,...
Same error... Cannot find script engine "VBScript".
Is there any way to create a .reg file similar to the ghotiacre.zip file used for the jscript.dll?
The script 5.6 did not work, it failed to install jscript.dll and vbscript.dll.
The right click copy and overwrite from the system32 file worked and replaced them, yet it still failed to register...
I am the bearer of bad news today...
System Restore fails to restore to the 2 restore points from the 3rd of January. There are no earlier dates as no one else that used this PC ever used it. I...
Oh, and yes. I've tried to register in Normal Mode, Safe Mode, and every User profile that exists on the PC...
Same problem as before... Error installing jscript.dll and vbscript.dll.
I have a system restore point that goes back to the 3rd of January, but I wonder that after fixing the .dll problems, will...
Microsoft addressed the ActiveX problems by having users download from this URL.
http://windowsxp.mvps.org/reg/olereg.vbs
But, when I try to load up the reg change, I get an error stating:
...
I ran a new find.bat, and here's the current results... I don't see vbscript.dll anywhere...
D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll...
Scratch that last one... f414c260 is back after running ghotiacre.zip once again.
Still missing this registry key as well, not sure if it has anything to do with the problem for WMP. Everything else seems to be working perfectly again, except that.
...
Oh, and hopefully, :fear:, last thing is I get the Internal Application Error Has Occurred message for Windows Media Player. A related problem to this jscript.dll vbscript.dll problem. regsvr32...