XP update problems Malware ?

  [DELETED] 17:35 20 Jan 2006

Having serious problems getting a friend's system running.
Started with Spyace & Spyware strike.
Have run XP SP1 repair; will not allow access to Windows Firewall, update to Service Pack 2 or installation of AVG, among others. Could an expert out there look at this HJT log and comment? If I need to access the Registry please give detail as it's new territory.


Logfile of HijackThis v1.99.1
Scan saved at 17:05:33, on 20/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe


O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\System32\hp68FB.tmp (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll

O15 - Trusted Zone: click here (HKLM)

O15 - Trusted Zone: click here (HKLM)

O15 - Trusted Zone: click here (HKLM)

O15 - Trusted Zone: click here (HKLM)

O15 - Trusted Zone: click here (HKLM)

O15 - Trusted Zone: click here (HKLM)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - click here

O16 - DPF: {33331111-1111-1111-1111-611111193423} - click here

O16 - DPF: {33331111-1111-1111-1111-611111193429} - click here

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O16 - DPF: {33331111-1234-1111-1111-615111193427} - click here

O16 - DPF: {43331111-1111-1111-1111-611111195622} - click here

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - click here

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - F:\Program Files\Spyware Doctor\sdhelp.exe (file missing)

  rawprawn 17:38 20 Jan 2006

You would be much better posting the HJT Log
click here where experts can look at it.

  [DELETED] 17:38 20 Jan 2006

I suggest that you post this on the Malware Removal forum click here where the HJT gurus hang out.

  [DELETED] 18:04 20 Jan 2006

Thanks for that, will keep you informed.

  [DELETED] 18:50 20 Jan 2006

I see that you've posted over there. Just a tip - don't be tempted to 'bump' your thread if it doesn't get a response for a while. The admins look for threads with zero replies to assign a helper (it isn't like here, where anybody can pitch-in).

  [DELETED] 23:06 20 Jan 2006

Crikey! If click here is your thread then you are being helped by the best on the net.

  [DELETED] 23:08 01 Feb 2006

Just to say I got there in the end. Was struggling for a while, but thanks to Nellie2 it came out right in the end.

Thanks once again for pointing me in the right direction.

This thread is now locked and can not be replied to.
