jonilaal Posted December 9, 2007

Hello. Can someone help please? I have not been able to access my PayPal account via this PC for weeks. Every time I try to gain access a snake oil certificate pops up and I don't get any further. Have tried Spybot/Ad-Aware/McAfee/AOL live help. Found this site via Google, hope someone can help. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:47, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Common Files\AOL\1154849122\ee\AOLSoftware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AOL 9.0 VRd\waol.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\common files\aol\1154849122\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1154849122\ee\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0 VRd\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Davies\Local Settings\Temporary Internet Files\Content.IE5\MJS5QTA1\HiJackThis_v2[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Davies\My Documents\My Completed Downloads\HJTInstall.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com/sobar/defaultsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.com
O1 - Hosts: 91.121.20.160 paypal.com
O1 - Hosts: 91.121.20.160 paypal.fr
O1 - Hosts: 91.121.20.160 www.paypal.fr
O1 - Hosts: 91.121.20.160 paypal.co.uk
O1 - Hosts: 91.121.20.160 www.paypal.co.uk
O1 - Hosts: 91.121.20.160 paypal.it
O1 - Hosts: 91.121.20.160 www.paypal.it
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: °Ù¶È³¬¼¶ËÑ°Ô - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154849122\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-GB\local\search.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?286ceb9f5e76422d86f1a49ab7c87fab
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?286ceb9f5e76422d86f1a49ab7c87fab
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/sha...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/sha...,21/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp02.photoprintit.de/microsite/939...IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{116448D1-6924-4513-97BF-4BEB58DDD0E0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E96923-0F4A-4BD3-B943-DD6191600AF3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{25E23F92-3BBA-4F33-BF61-8169B0868EBC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CE36F25-35D4-404A-8641-FAE654ED3133}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C104927-7EC4-4967-B287-A5B57F15FD67}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{A493CB15-4ED2-4704-8AB7-030A5F16B2F7}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA5449A2-4516-4A2E-B4A3-AFA9ABD2C579}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D41A93-253D-48C0-B3B6-3D8773AB3679}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MRobeService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 14486 bytes
jwbirdsong Posted December 9, 2007

Please print out or copy to Notepad for reading this as you may be in safemode or can not have IE open during most fixes.

Please download FixWareout from HERE and save it to your desktop.
DO NOT run it yet.

Open HijackThis by clicking Scan Only. Place a check next to the following:

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: °Ù¶È³¬¼¶ËÑ°Ô - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CE36F25-35D4-404A-8641-FAE654ED3133}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C104927-7EC4-4967-B287-A5B57F15FD67}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{A493CB15-4ED2-4704-8AB7-030A5F16B2F7}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA5449A2-4516-4A2E-B4A3-AFA9ABD2C579}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D41A93-253D-48C0-B3B6-3D8773AB3679}: NameServer = 85.255.114.36,85.255.112.95

Make sure ALL other windows/programs are closed and click Fix Checked.
Do NOT reboot yet.

NOW run the fixwareout on your desktop. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin, follow the prompts. You will be asked to reboot your computer, please do so. Your system may take longer than usual to load. This is normal. Once the desktop loads, post the text that will open: C:\fixwareout\report.txt. Save it to your desktop for now.... I will need it in your next reply.

Download ComboFix to your desktop.
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

After rebooting (Combofix will automatically boot) post the C:\fixwareout\report.txt and the Combofix log.
jonilaal Posted December 9, 2007 (edited)

Hello jwbirdsong, thanks for taking the time to help.

ComboFix 07-12-09.1 - Davies 2007-12-09 23:03:09.2 - NTFSx86
Running from: C:\Documents and Settings\Davies\My Documents\New Folder\spare\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Davies.\aria.txt
C:\Documents and Settings\Davies\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Davies\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Davies\Local Settings\Application Data\tanaiodivc.dat
C:\Documents and Settings\Davies\Local Settings\Application Data\tanaiodivc_navps.dat
C:\Program Files\Win Stream plugin
C:\Program Files\Win Stream plugin\basis.xml
C:\Program Files\Win Stream plugin\download.html
C:\Program Files\Win Stream plugin\icons.bmp_16.bmp
C:\Program Files\Win Stream plugin\version.txt
C:\Program Files\Win Stream plugin\win_stream_plugin.crc
C:\Program Files\windows
C:\Program Files\windows\jdic_stub.jar
C:\Program Files\windows\x86\IeEmbed.exe
C:\Program Files\windows\x86\jdic.dll
C:\Program Files\windows\x86\MozEmbed.exe
C:\Program Files\windows\x86\tray.dll
C:\WINDOWS\hook33.txt
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_BDGUARD
-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 17:00 . 2007-12-09 17:37 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-09 16:59 . 2007-12-09 23:01 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-09 16:59 . 2007-12-09 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-09 16:59 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-09 16:59 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-09 16:59 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-09 16:59 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-12-09 16:59 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-12-09 16:46 . 2007-12-09 16:46 <DIR> d-------- C:\Documents and Settings\Davies\Application Data\Simply Super Software
2007-12-08 12:34 . 2007-03-20 11:26 227 --a------ C:\WINDOWS\sosuo.col
2007-12-08 12:26 . 2007-12-08 12:28 <DIR> d-------- C:\Program Files\PPMate
2007-12-08 12:26 . 2007-12-08 12:26 <DIR> d-------- C:\Documents and Settings\Davies\Application Data\PPMate
2007-12-08 12:17 . 2007-12-08 12:17 22 --a------ C:\WINDOWS\system32\NVS2.INF.ren
2007-11-29 16:44 . 2007-12-09 22:32 51,868 --a--c--- C:\VETlog.dmp
2007-11-16 21:21 . 2007-12-04 11:38 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-11-16 21:21 . 2007-11-16 21:21 <DIR> d-------- C:\Documents and Settings\Davies\Application Data\TuneUp Software
2007-11-16 21:21 . 2006-12-19 16:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-11-16 21:20 . 2007-11-16 21:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:20 . 2007-11-16 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-11-15 19:20 . 2007-11-15 19:27 <DIR> d-------- C:\Program Files\DAP
2007-11-15 19:20 . 2007-11-15 19:20 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-11-12 19:07 . 2007-11-16 19:38 79 --a------ C:\WINDOWS\SuperUtil.ini
2007-11-12 18:58 . 2007-11-12 18:58 0 --a------ C:\WINDOWS\system32\mssurun.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 16:17 --------- d-----w C:\Program Files\SopCast
2007-12-08 11:59 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-08 11:59 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-04 18:32 --------- d-----w C:\Documents and Settings\Davies\Application Data\LimeWire
2007-12-04 14:56 --------- d-----w C:\Documents and Settings\Davies\Application Data\AVG7
2007-12-04 14:53 --------- d-----w C:\Program Files\BPS Remover
2007-12-01 10:51 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-23 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-17 10:11 --------- d-----w C:\Program Files\SuperLogix
2007-11-16 14:31 --------- d-----w C:\Documents and Settings\Davies\Application Data\dvdcss
2007-11-14 13:28 --------- d-----w C:\Program Files\Google
2007-11-12 17:44 --------- d-----w C:\Program Files\Full Speed
2007-11-12 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-12 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 17:01 --------- d-----w C:\Program Files\Ulead Systems
2007-11-12 16:17 --------- d-----w C:\Documents and Settings\Davies\Application Data\Ulead Systems
2007-11-11 21:04 --------- d-----w C:\Program Files\TVUPlayer
2007-11-10 12:39 --------- d-----w C:\Program Files\AOL 9.0 VRd
2007-11-10 12:37 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-09 22:08 --------- d-----w C:\Program Files\Gogglebox TV
2007-11-05 23:40 --------- d-----w C:\Program Files\WinZix
2007-11-04 20:13 --------- d-----w C:\Program Files\XPRepairPro2006
2007-11-04 14:22 --------- d-----w C:\Program Files\XP Repair Pro 2007
2007-11-03 16:13 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-03 15:25 --------- d-----w C:\Documents and Settings\Davies\Application Data\AOL
2007-11-03 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-02 21:54 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-02 08:41 --------- d-----w C:\Program Files\Picasa2
2007-11-02 08:30 --------- d-----w C:\Documents and Settings\Davies\Application Data\Corel
2007-11-01 21:05 --------- d-----w C:\Program Files\AOL 9.0 VRc
2007-11-01 19:41 --------- d-----w C:\Program Files\Common Files\aolback
2007-11-01 19:26 --------- d-----w C:\Program Files\AOL 9.0a
2007-11-01 19:25 --------- d-----w C:\Program Files\AOL 9.0 VRa
2007-11-01 19:25 --------- d-----w C:\Program Files\AOL 9.0 VR
2007-11-01 19:23 --------- d-----w C:\Program Files\AOL 9.0 VRb
2007-10-30 22:16 --------- d-----w C:\Documents and Settings\Davies\Application Data\Vso
2007-10-30 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-10-16 16:39 --------- d-----w C:\Program Files\Xilisoft
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-25 18:56 1,083 ----a-w C:\Documents and Settings\Davies\License Key.reg
2007-08-08 15:02 847 ------w C:\Program Files\shows.ted
2007-08-08 15:02 272 ------w C:\Program Files\config.ted
2007-08-08 14:58 10,761 ------w C:\Program Files\rss-urls.txt
2007-05-12 16:07 255,864 ------w C:\Documents and Settings\Davies\Application Data\mdb.bin
2007-05-04 21:34 87,608 ------w C:\Documents and Settings\Davies\Application Data\ezpinst.exe
2007-05-04 21:34 47,360 ------w C:\Documents and Settings\Davies\Application Data\pcouffin.sys
2007-04-12 14:40 32,768 ------w C:\Documents and Settings\Davies\wngvvv.exe
2006-07-16 20:28 53,248 ------w C:\Program Files\ted.exe
2006-07-16 20:13 174,418 ------w C:\Program Files\ted.jar
2006-07-16 19:07 836 ------w C:\Program Files\README.txt
2006-07-16 19:05 4,103 ------w C:\Program Files\CHANGELOG.txt
2006-04-22 10:02 422 ------w C:\Program Files\rss-watch.TXT
2006-02-27 20:20 75,102 ------w C:\Program Files\rssutils.jar
2006-02-27 20:20 45,364 ------w C:\Program Files\jdic.jar
2003-06-20 02:05 49,776 ------w C:\WINDOWS\inf\usbhub20.sys
2003-06-20 02:05 24,752 ------w C:\WINDOWS\inf\hidclass.sys
2003-06-20 02:05 20,688 ------w C:\WINDOWS\inf\usbd.sys
2003-06-20 02:05 19,728 ------w C:\WINDOWS\inf\usbehci.sys
2003-06-20 02:05 138,288 ------w C:\WINDOWS\inf\usbport.sys
2007-06-04 11:58 88 --sh--r C:\WINDOWS\system32\E38ED53C01.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 20:42]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 07:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 16:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 13:47]
"HostManager"="C:\Program Files\Common Files\AOL\1154849122\ee\AOLSoftware.exe" [2006-11-17 13:21]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 17:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 20:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 10:00]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2003-08-21 17:10]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 11:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 20:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-05 13:29]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-25 13:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-05-06 19:23]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"SoundMan"=SOUNDMAN.EXE

R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\DNINDIS5.SYS
S3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 17:18:27 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-09 22:13:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-09 23:00:45 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DAVIES-A39B2157-Davies).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-12-09 19:53:19 C:\WINDOWS\Tasks\McAfee.com Update Check (DAVIES-A39B2157-Davies).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.DaviesYMcAfee SecurityCenter periodically checks for updates for your McAfee Security Services.
"2007-12-09 23:00:17 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 23:05:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 23:06:50
.
--- E O F ---

================================================================

NEXT NOTE PAD

Username "Davies" - 09/12/2007 22:22:32 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{25E23F92-3BBA-4F33-BF61-8169B0868EBC}
"DhcpNameServer"="85.255.114.36,85.255.112.95" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5C104927-7EC4-4967-B287-A5B57F15FD67}
"DhcpNameServer"="85.255.114.36,85.255.112.95" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A493CB15-4ED2-4704-8AB7-030A5F16B2F7}
"DhcpNameServer"="85.255.114.36,85.255.112.95" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D7D41A93-253D-48C0-B3B6-3D8773AB3679}
"DhcpNameServer"="85.255.114.36,85.255.112.95" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E63E62AC-9C71-4936-8046-5B2B68710ED3}
"DhcpNameServer"="85.255.114.36,85.255.112.95" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1154849122\\ee\\AOLSoftware.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~

Have just tried to log into my account, couldn't wait, and hey presto it works for the first time in weeks. This has been a major headache for me so cannot say thank you enough jwbirdsong, you're a star. Is there anything I need to do to stop this happening again?

Edited December 9, 2007 by jonilaal
jwbirdsong Posted December 11, 2007

Sorry I was having connection trouble yesterday.

Looking lots better.

Using Internet Explorer please do an online scan with Kaspersky Online Scanner.

* Click on Kaspersky Online Scanner
* Click "I accept"
* You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click Next.
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  * Scan using the following Anti-Virus database: Extended (If available otherwise Standard)
  * Scan Options: Scan Archives, Scan Mail Bases
* Click OK
* Now under select a target to scan select My Computer
* The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
* Now click on the Save report button.
* Call it Kaspersky.txt
* Expand the arrow beside "file types" and save as .txt file.
* Save the file to your desktop.
* Copy and paste that information in your next post.

*Note
If you have Internet Explorer 7 installed: if you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button. Page will reload and you should be able to carry on scan.

If the KAV log has your email all over it -- please attach it rather than copy/paste.
jonilaal Posted December 13, 2007

Hi jwbirdsong, sorry for the delay, been trying to run Kaspersky. It will run, and the first box runs OK, but it keeps getting stuck at the second box saying I need admin rights? And to set Internet Explorer security to medium. Admin rights, not sure what that refers to. Internet Explorer security is already set to medium. What should I do now? Thanks

jwbirdsong Posted December 15, 2007

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

- Double-click the drweb-cureit.exe file and allow it to run the express scan.
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click File and choose Save report list.
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web CureIt.

Post the CureIt log please and a HijackThis log.

jonilaal Posted December 16, 2007

hope this is right, cheers..

08277111.FIL;C:\$VAULT$.AVG;Trojan.Packed.149;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ASPUK;Probably BACKDOOR.Trojan;Incurable.Deleted.;
backup-20071209-221900-679.dll;C:\Documents and Settings\Davies\My Documents\My Completed Downloads\backups;Adware.Baidu.304;Incurable.Deleted.;
the lancashire hotpots 29.wma;C:\Documents and Settings\Davies\Shared;Trojan.Isbar.389;Deleted.;
[new release] mc hypo 55.wma;C:\Documents and Settings\Davies\Shared;Trojan.Isbar.389;Deleted.;
[New Version] mc benji 52.wma;C:\Documents and Settings\Davies\Shared;Trojan.Isbar.389;Deleted.;
(livestream) mc benji 58.wma;C:\Documents and Settings\Davies\Shared\New Folder;Trojan.Isbar.389;Deleted.;
(New Release) mc benji 51.wma;C:\Documents and Settings\Davies\Shared\New Folder;Trojan.Isbar.389;Deleted.;
01 - mc hypo 03.wma;C:\Documents and Settings\Davies\Shared\New Folder;Trojan.Isbar.389;Deleted.;
[new release] mc hypo 55.wma;C:\Documents and Settings\Davies\Shared\New Folder;Trojan.Isbar.389;Deleted.;
[New Version] mc benji 52.wma;C:\Documents and Settings\Davies\Shared\New Folder;Trojan.Isbar.389;Deleted.;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Incurable.Deleted.;
setup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite;Probably BACKDOOR.Trojan;Incurable.Deleted.;
fwRemoteCfg.dll;C:\Program Files\Common Files\FTL Shared;Probably DLOADER.Trojan;Incurable.Deleted.;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;Incurable.Deleted.;
PkgManager.dll;C:\Program Files\ConvertMovie 4.1;Adware.Look2me.origin;Incurable.Deleted.;
NPMyGlSh.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Msearch;Incurable.Deleted.;
NetTools.dll;C:\Program Files\PPLive;Adware.Winad.origin;Incurable.Deleted.;
neotvsession.dll;C:\Program Files\PPMate;Probably DLOADER.Trojan;Incurable.Deleted.;
ppmate.dll;C:\Program Files\PPMate;Adware.Dudu.origin;Incurable.Deleted.;
Stream1.dll;C:\Program Files\WMR11;Trojan.Proxy.1381;Deleted.;
A0004257.dll;C:\System Volume Information\_restore{B33D56A2-B1B0-4746-9C24-48A9C4731822}\RP8;Trojan.Proxy.1381;Deleted.;
kdczs.ex$;C:\WINDOWS\system32;Trojan.DnsChange;Deleted.;

jwbirdsong Posted December 23, 2007

Sorry, this reply must have slipped by me. Everything looks pretty good. Post an updated HijackThis log and any further problems the computer is having.

jonilaal Posted December 23, 2007

hi jwbirdsong, PC seems to be running ok'ish now thanks, are there any programs I could do with putting on to stop my PC being affected again?

jwbirdsong Posted December 23, 2007

Open your Control Panel > Add/Remove programs > uninstall ALL old JAVA/JRE/JSE programs listed. Then download and install the latest version, Java 6 Update 3.

Time for some housekeeping

- Click START then RUN
- Now type Combofix /u in the runbox and click OK
- When shown the disclaimer, Select "2"

The above procedure will:

- Delete the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if present
  - The C:\Deckard folder, if present
  - The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpywareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at links in the following article by TonyKlein.

Make SURE to read How Did I Get Infected in the First Place??

jonilaal Posted December 23, 2007

Thanks jwbirdsong, all done, PC seems OK, will install spywares. Many, many thanks for help with initial problem. Cheers. John.

jwbirdsong Posted December 24, 2007

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.