It’s cool! it’s “brute force” helping. lol.
ok i had some unpredicted events here in my house…lol sorry
after i made last scan with MBAM…the scan didnt find nothing any more but the crashing of mozilla and skype remain and i cant update avast…and for mbam it gives me information that its already updated.so i can’t check if it working
i turned on automatic update for windows and tryed to go on the windows update page but something is strange nothing happens and the page freeze …(not responding)
ill try to do hijack this scan
and try to update avast again manually
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:35, on 30.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU..\Run: [ccleaner] “C:\Program Files\CCleaner\CCleaner.exe” /AUTO
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ispuni obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Prilagodi izbornik - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Alatna traka - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Spremi obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spremi - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Spremi obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RF Alatna traka - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238439717937
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c987047ad7ad86) (gupdate1c987047ad7ad86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
–
End of file - 9197 bytes
i download the updates for avast manually and the message apears : virus database is updated from 090329-00 to 090330-00
ill do a boot time scan
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware and yours is well out of date and vulnerable to exploit. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
Or JRE version 6 update 13 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html
Fix:
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
See http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search={C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
Those O16 entries for on-line scanners can be removed/fixed as they aren’t needed unless you are going to run the scans again, if you did want to run them again the activeX controls (O16 entries) would be recreated, so they are a bit redundant.
AdAware IMHO is a waste of hard disk space and has been a total passenger in this so I would say time for it to go. You now have MABM I would suggest you also get superantispyware.
You don’t appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall ?
ok since i work online and i need my pc i decited to currently use another computer…
it think its better that way…now its even that 1 april thing coming…and i need to do some important transactions
about the sugestion to remove and update thank you ill try to do all that
also ill remove ad aware
i had a personal firewall… sygate symantec…but i remove it …because i removed half of my pc yesterday when this started to happen…lol
i want to thank all of you for help …and as soon ill be o my pc ill post again …
thank you!!
You’re welcome.
You should turn on windows update automatic 
if u didnt then you should me i have do that its a good way too for prevent of the worm and conflicker
I would also consider fixing the entry O1 - Hosts: 66.98.148.65 auto.search.msn.es, unless you know why its there.It seems suspicious, especially as all your problems seem internet based
ok ALL the problems remains the same …cant update avast and MBAM also…i tryed to update windows but i dont have original windows and i just have genuine windows detector poping out all the time but dont know if i updated windows (dont know how to see if windows is updated) im at my pc again and will try to do as you guys sugested me…but
DavidR
-
can you tell me when i want to update java …in ad remove programs i have … Java ™ se runtime enviroment 6.
do i need to remove it and instal new from the link you gave me ( http://java.sun.com/javase/downloads/index.jsp ) or just update with that link. -
how to fix O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
do i need to delete it?..where should i find that file …and what i need to do with this link that you gave me?
http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search={C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
016 entries of online scaners i can delete in program files? or?
i removed ad aware
micky77
how do i need to fix O1 - Hosts: 66.98.148.65 auto.search.msn.es.
where do i find it and do i need to delete it.
thank you please help.
today i downloaded this http://www.bdtools.net/
bit defender removal tool for conficker …hopping it will remove it .but mozilla instantlly crash on that page …so i opened again and download it run a scan and in the midle of the progress bar on scaner…the program just informs …no problem found…hm strange behaviour…
To fix O1 - Hosts: 66.98.148.65 auto.search.msn.es, open HJT choose scan only, put a tick in the box next to that entry,then choose fix selected.Although I think there maybe another underlying problem elsewhere
This is hijack this new log i made today…
i selected all scaners and files that you have sugested me and fix them all from the old hjt log…
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:31, on 4.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU..\Run: [ccleaner] “C:\Program Files\CCleaner\CCleaner.exe” /AUTO
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ispuni obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Prilagodi izbornik - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Alatna traka - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Spremi obrasce - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Ispuni obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spremi - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Spremi obrasce - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RF Alatna traka - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238439717937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c987047ad7ad86) (gupdate1c987047ad7ad86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
–
End of file - 7262 bytes
I instaled super anti spyware profesional and …guess what…cant update… .
the message i was geting was:
generic host processfor win32 services has encountered a problem and needs to close we are sorry …
and in thechnical descriptions this locations was shown
c:/DOCUME~1/sasa/LOCALS~1/TEMP/WER fbfc.dir00/cvchost.exe.mdmp
and
c:/DOCUME~1/sasa/LOCALS~1/TEMP/WER fbfc.dir00/appcompat.txt
But i did complete scan with Super anti spyware and he found 2 viruses…here is thhe log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2009 at 10:26 PM
Application Version : 4.26.1000
Core Rules Database Version : 3816
Trace Rules Database Version: 1770
Scan type : Complete Scan
Total Scan Time : 00:14:28
Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 4691
Registry threats detected : 1
File items scanned : 12518
File threats detected : 1
Trojan.DNSChanger-Codec
HKU\S-1-5-21-1757981266-963894560-725345543-1003\Software\WinSpyControlDownloader
Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\SASA\APPLICATION DATA\THINSTALL\CSDATA\1000000600002I\SVCHOST.EXE
now Ill remove Java and instal new
Your latest HJT log looks good … nothing to report except the absence of a firewall and I suppose your are using Windows firewall.
Thats excellent SAS has found the pigs thats stopping you updating your programs
You can update SAS manually ( use another pc ) http://www.superantispyware.com/definitions.html
I take it you removed both threats, try another scan,if they return,reboot in safe mode ( f8 ) key and scan 
I instaled http://www.freedrweb.com
dr web found:
ZAN2EA.exe.bac_a01120\data005;C:\Documents and Settings\Sasa.housecall6.6\Quarantine\ZAN2EA.exe.bac_a01120;Trojan.Popclick.44;;
ZAN2EA.exe.bac_a01120;C:\Documents and Settings\Sasa.housecall6.6\Quarantine;Archive contains infected objects;Moved.;
ZAN2EA.exe.bac_a02428\data005;C:\Documents and Settings\Sasa.housecall6.6\Quarantine\ZAN2EA.exe.bac_a02428;Trojan.Popclick.44;;
ZAN2EA.exe.bac_a02428;C:\Documents and Settings\Sasa.housecall6.6\Quarantine;Archive contains infected objects;Moved.;
bd_rem_tool_console.exe;C:\Documents and Settings\Sasa\Desktop\New Folder;Probably MULDROP.Trojan;Moved.;
some problems where automaticaly moved to quarantine and some where moved …where (dont know)
i did not understand how can i update superantispyware manually with another computer
All those files named ZAN2EA.exe.bac, appear to be from what Trend Micros housecall online scanner found : Did housecall find anything ? Or maybe its something to do with the scanner.
http://forum.avast.com/index.php?topic=43784.msg366285#msg366285
The last ‘threat’ found by Drweb is the tool you used
http://forum.avast.com/index.php?topic=43784.msg367582#msg367582 from bit defender
So all in all looks like everything Drweb found was no harm at all
To update SAS manually, download the definitions from another pc, and transfer to the infected one via cd, make sure SAS is not running and double click on the update file.This is only necessary if you cannot update automatically.
So after SAS found those two threats, are you still not able to update programs ?
ok i will update sas manually tomorow when ill be on other pc…
yes it seems that that’s it …those files were from bit bdefender tool…and yes trend micro found 3 or four problems …but since it was not stated as big problems or viruses …i did not posted that on forum…and it was one of the first scans and somethimes trend micro found even those potential problems…so it did not seems something important…sorry…
all problems are still here…
i updated java allso…removed skype and msn programs and half of pc …but still mozilla crash from time to time and cant update avast sas and mbam.
also when i go to update page for windows the page freeze?! i dont have original windows so dont know if thats the virus that prevenhing me to update or microsoft.
besides updating sas and runing scan in safe mode is there any thing i can do more .maybe trend micro scan again or kasperski.?
thanks
Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD’s: