Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please Help!

Unread postby cruach » October 16th, 2006, 4:18 pm

Logfile of HijackThis v1.99.1
Scan saved at 21:07:13, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
H:\PROGRA~1\PESTPA~1\PPControl.exe
H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\internetcalls.com\internetcalls\internetcalls.exe
H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
H:\Program Files\Changer XP\ChangerXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
H:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\setup.exe
C:\Documents and Settings\Trevor Moore\My Documents\My Completed Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PPMemCheck] H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] H:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [window mpeg data loud] C:\Documents and Settings\All Users\Application Data\ErrorOozeWindowMpeg\PlusDupe.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Second Copy 2000] "H:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\program files\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FOUR BORE] C:\DOCUME~1\LOCALS~1\APPLIC~1\PILEWA~1\Eq beep nurb.exe
O4 - Startup: PrintKey-Pro.lnk = H:\Program Files\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Changer XP.lnk = H:\Program Files\Changer XP\ChangerXP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk14569GB
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-gb.technip.com/iNotes6.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3732836058
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7160461929
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BT ... reQual.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm
Advertisement
Register to Remove

Unread postby Blade81 » October 17th, 2006, 12:44 am

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience! :)
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby cruach » October 17th, 2006, 3:59 am

Thanks.
I'll be out of the country for the next two days, so I won't be able to respond to any queries until Thursday.
Please be assured I still need help in the meantime!
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Unread postby Blade81 » October 17th, 2006, 6:45 am

Thanks for letting us know. :)


Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

NoLop Log

Unread postby cruach » October 18th, 2006, 6:13 pm

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Trevor Moore\Desktop
[18/10/2006]
[22:44:34]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B568143091BF8AA8.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bt Yahoo!
C:\Documents and Settings\All Users\Application Data\Erroroozewindowmpeg
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Powerquest
C:\Documents and Settings\All Users\Application Data\Qubesoft
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roboform
C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Emily Moore\Application Data\Bamzooki
C:\Documents and Settings\Emily Moore\Application Data\Changer Xp
C:\Documents and Settings\Emily Moore\Application Data\Identities
C:\Documents and Settings\Emily Moore\Application Data\Macromedia
C:\Documents and Settings\Emily Moore\Application Data\Microsoft
C:\Documents and Settings\Emily Moore\Application Data\Real
C:\Documents and Settings\Henry Moore\Application Data\Bamzooki
C:\Documents and Settings\Henry Moore\Application Data\Changer Xp
C:\Documents and Settings\Henry Moore\Application Data\Identities
C:\Documents and Settings\Henry Moore\Application Data\Macromedia
C:\Documents and Settings\Henry Moore\Application Data\Microsoft
C:\Documents and Settings\Henry Moore\Application Data\Real
C:\Documents and Settings\Henry Moore\Application Data\Stilesoft
C:\Documents and Settings\Janette Moore\Application Data\Adobe
C:\Documents and Settings\Janette Moore\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Janette Moore\Application Data\Bamzooki
C:\Documents and Settings\Janette Moore\Application Data\Changer Xp
C:\Documents and Settings\Janette Moore\Application Data\Google
C:\Documents and Settings\Janette Moore\Application Data\Identities
C:\Documents and Settings\Janette Moore\Application Data\Macromedia
C:\Documents and Settings\Janette Moore\Application Data\Microsoft
C:\Documents and Settings\Janette Moore\Application Data\Real
C:\Documents and Settings\Janette Moore\Application Data\Stilesoft
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Pile Way Remote
C:\Documents and Settings\Localservice\Application Data\Stilesoft
C:\Documents and Settings\Localservice\Application Data\Yahoo!
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Stanley Moore\Application Data\Adobe
C:\Documents and Settings\Stanley Moore\Application Data\Bamzooki
C:\Documents and Settings\Stanley Moore\Application Data\Changer Xp
C:\Documents and Settings\Stanley Moore\Application Data\Google
C:\Documents and Settings\Stanley Moore\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Stanley Moore\Application Data\Identities
C:\Documents and Settings\Stanley Moore\Application Data\Installshield
C:\Documents and Settings\Stanley Moore\Application Data\Iscreensaver
C:\Documents and Settings\Stanley Moore\Application Data\Macromedia
C:\Documents and Settings\Stanley Moore\Application Data\Microsoft
C:\Documents and Settings\Stanley Moore\Application Data\Motive
C:\Documents and Settings\Stanley Moore\Application Data\Real
C:\Documents and Settings\Stanley Moore\Application Data\Robots
C:\Documents and Settings\Stanley Moore\Application Data\Stilesoft
C:\Documents and Settings\Stanley Moore\Application Data\Yahoo!
C:\Documents and Settings\Trevor Moore\Application Data\Adobe
C:\Documents and Settings\Trevor Moore\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Trevor Moore\Application Data\Apple Computer
C:\Documents and Settings\Trevor Moore\Application Data\Bamzooki
C:\Documents and Settings\Trevor Moore\Application Data\Changer Xp
C:\Documents and Settings\Trevor Moore\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Trevor Moore\Application Data\Hp
C:\Documents and Settings\Trevor Moore\Application Data\Identities
C:\Documents and Settings\Trevor Moore\Application Data\Image Zone Express
C:\Documents and Settings\Trevor Moore\Application Data\Internetcalls
C:\Documents and Settings\Trevor Moore\Application Data\Intertrust
C:\Documents and Settings\Trevor Moore\Application Data\Iscreensaver
C:\Documents and Settings\Trevor Moore\Application Data\Isolatedstorage
C:\Documents and Settings\Trevor Moore\Application Data\Last.fm
C:\Documents and Settings\Trevor Moore\Application Data\Lavasoft
C:\Documents and Settings\Trevor Moore\Application Data\Macromedia
C:\Documents and Settings\Trevor Moore\Application Data\Media Player Classic
C:\Documents and Settings\Trevor Moore\Application Data\Microsoft
C:\Documents and Settings\Trevor Moore\Application Data\Motive
C:\Documents and Settings\Trevor Moore\Application Data\Mozilla
C:\Documents and Settings\Trevor Moore\Application Data\Pile Way Remote
C:\Documents and Settings\Trevor Moore\Application Data\Real
C:\Documents and Settings\Trevor Moore\Application Data\Registry Booster
C:\Documents and Settings\Trevor Moore\Application Data\Robots
C:\Documents and Settings\Trevor Moore\Application Data\Skype
C:\Documents and Settings\Trevor Moore\Application Data\Startu~1
C:\Documents and Settings\Trevor Moore\Application Data\Stilesoft
C:\Documents and Settings\Trevor Moore\Application Data\Symantec
C:\Documents and Settings\Trevor Moore\Application Data\Yahoo!
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Hijack This Log

Unread postby cruach » October 18th, 2006, 6:14 pm

Logfile of HijackThis v1.99.1
Scan saved at 23:14:17, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
H:\PROGRA~1\PESTPA~1\PPControl.exe
H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\program files\internetcalls.com\internetcalls\internetcalls.exe
H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\progra~1\intern~1\iexplore.exe
H:\Program Files\Changer XP\ChangerXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
H:\Program Files\PrintKey-Pro\PKey_Pro.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
h:\Program Files\NetCaptor\NetCaptor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Trevor Moore\My Documents\My Completed Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PPMemCheck] H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] H:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [window mpeg data loud] C:\Documents and Settings\All Users\Application Data\ErrorOozeWindowMpeg\PlusDupe.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Second Copy 2000] "H:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [InternetCalls] "C:\program files\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FOUR BORE] C:\DOCUME~1\LOCALS~1\APPLIC~1\PILEWA~1\Eq beep nurb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PrintKey-Pro.lnk = H:\Program Files\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Changer XP.lnk = H:\Program Files\Changer XP\ChangerXP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk14569GB
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-gb.technip.com/iNotes6.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3732836058
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7160461929
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BT ... reQual.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Unread postby Blade81 » October 19th, 2006, 1:44 am

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Disable Windows Defender's realtime protection.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
  • Exit the program.


Hi it seems you are running DAP. DAP is not technically malware, but it may include malware and allow it into the system. If you decide to remove it you can find safer alternatives here:
http://www.spywareinfo.com/downloads.ph ... lman#dlman

If you decided to remove DAP then remove it thru add/remove programs.

Start hijackthis, click do a system scan only, check (red only if you removed DAP):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O4 - HKLM\..\Run: [window mpeg data loud] C:\Documents and Settings\All Users\Application Data\ErrorOozeWindowMpeg\PlusDupe.exe
O4 - HKCU\..\Run: [FOUR BORE] C:\DOCUME~1\LOCALS~1\APPLIC~1\PILEWA~1\Eq beep nurb.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk14569GB
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

Close all browsers & other windows and click fix checked.

Delete following folders (red only if you removed DAP):
C:\Documents and Settings\All Users\Application Data\ErrorOozeWindowMpeg
C:\Documents and Settings\Localservice\Application Data\Pile Way Remote
C:\Documents and Settings\Trevor Moore\Application Data\Pile Way Remote
C:\Program Files\DAP

___________________________________

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09- windowsi586-p.exe to install the newest version.

_____________________________________

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


______________________________________________________________


You seem to have AVG Anti-Spyware so we'll run it too.

  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


I recommend you to print/save following instructions because you can't access them online while in safe mode.

Reboot into safe mode (press F8 before Windows loading screen and select safe mode option).


Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.


Send a fresh hjt log and AVG Anti-Spyware log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Comments

Unread postby cruach » October 19th, 2006, 7:29 am

Thanks for the help so far. I did all I could in your instructions, but couldn't do some things.
Windows Defender won't open so I couldn't disable it. A warning comes on at boot up saying it won't start. Asks to see Help and Supprt to find out how to enable the service manually, but I can't open help and support because another service isn't running!

Couldn't uninstall the old version of Java because the Windows Installer service won't load, so the Java update hasn't taken place.

Other than that I did all you asked - oh, one of the nasties AVG found (Euroclick tracking cookie) didn't have an option to quarantine, so I deleted it.

There follow a post I submitted to another website about this problem (they directed me to you), which may give you some clues:

"My PC (running XP Professional SP2) is not starting many of the services when it boots up.
msconfig tells me the following are stopped:
Application Layer Gateway Service
Application Management
ASP.NET State Service
Windows Audio
Computer Browser
Symantec Event Manager
Symantec Internet Security
Symantec Network Proxy
Symantec Settings Manager
Indexing Service
COM+System Application
Remote Procedure Call
System Event Notification
Windows Firewall/Internet Connection Sharing
As a result I cannot operate my Norton Anti-Virus Software. Nor can I open Windows Help and Support or other utilities because the service is not running.
Came to find Norton had found a virus on the PC (Drive...something or other, I think).
Removed the virus, did a reboot in safe made and ran various pest removers successfully, but couldn't start Norton Anti-virus. It says both the Anti-virus and the Firewall have expired.
Tried rebooting in Normal Startup made, but to no avail.
BOOT.INI is "multi(0)disk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/NoExecute=OptIn /KERNEL=CXLOGO.EXE"
Tried to reinstall XP but it wont let me because "Windows has detected that one or more protected core system files (kernel) on your computer have been modified. The Service Pack contains updated versions of those files, which work to provide a stable environment for your programs. Due to this modification, the Service Pack will not be installed. For more information, see Knowledge Base article Q327516 at click here."
I'm lost!
Please help!"
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

AVG Log

Unread postby cruach » October 19th, 2006, 7:30 am

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:02:53 19/10/2006

+ Scan result:



K:\My Downloads\Installed\crkbrd.exe/F0000020.DAT -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\NetSpy Protector\quarantie\16-10-2006-17-27-55\5a359f5b-3630-4b11-9a32-ba0f0e2c2166.bak -> TrackingCookie.Euroclick : Cleaned.
K:\My Downloads\Installed\SiSoft_Sandra_Standard_2001_v3.7.50_by_EViDENCE.zip/patch.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).


::Report end
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Hijack this Log File

Unread postby cruach » October 19th, 2006, 7:31 am

Logfile of HijackThis v1.99.1
Scan saved at 12:30:34, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
H:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Skype\Phone\Skype.exe
H:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\internetcalls.com\internetcalls\internetcalls.exe
H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
H:\Program Files\Changer XP\ChangerXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
H:\Program Files\NetCaptor\NetCaptor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Trevor Moore\My Documents\My Completed Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] H:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CookiePatrol] H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Second Copy 2000] "H:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\program files\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized
O4 - Startup: PrintKey-Pro.lnk = H:\Program Files\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Changer XP.lnk = H:\Program Files\Changer XP\ChangerXP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-gb.technip.com/iNotes6.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3732836058
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7160461929
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BT ... reQual.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Forgot to mention

Unread postby cruach » October 19th, 2006, 7:47 am

Whatever it is I've picked up uninstalled the printers as well!

You can imagine my joy! :evil:
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Unread postby Blade81 » October 20th, 2006, 6:46 am

I'm sorry to say you this but all you can do is reformat and install Windows again. :(

So many disabled services indicates that your system had Rbot and/or Sdbot infection. Your security settings have been manipulated and we simply have no way of knowing what changes were made there.

If you need help with reformatting, please ask.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Unread postby cruach » October 20th, 2006, 7:16 am

Hello there.

All may not be lost. I've been doing some tinkering myself and I think I've got it up and running again. I'd still appreciate your advice on whether or not I still have a problem so I ran Hijack This again. Her's the Log File.

Logfile of HijackThis v1.99.1
Scan saved at 12:14:14, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
H:\PROGRA~1\PESTPA~1\PPControl.exe
H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
H:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\program files\internetcalls.com\internetcalls\internetcalls.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Trevor Moore\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://uk.downloads.yahoo.com/internete ... elcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PPMemCheck] H:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] H:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CookiePatrol] H:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~3\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [window mpeg data loud] C:\Documents and Settings\All Users\Application Data\ErrorOozeWindowMpeg\PlusDupe.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Second Copy 2000] "H:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [InternetCalls] "C:\program files\internetcalls.com\internetcalls\internetcalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PrintKey-Pro.lnk = H:\Program Files\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-gb.technip.com/iNotes6.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3732836058
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7160461929
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BT ... reQual.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - H:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: V2i Protector - Unknown owner - H:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


All advice gratefully received.

Thanks again.
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm

Unread postby Blade81 » October 20th, 2006, 11:00 am

Please Download NoLop to your desktop from one
of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require
    a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and
    Destroy
    "
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if
    infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the
    program again and it will finish Please Post the contents of
    C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its
dependencies are not correctly registered," please download
mscomctl.ocx to your system32 folder then rerun the program.
--


Download GMER and save it your desktop:
  • Extract it to your desktop and double-click GMER.exe
  • Click rootkit-tab and then scan.
  • Don't check "Show All" box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard (Open notepad, click right mouse button and select paste to bring text to your notepad. Save it as gmer.log to your desktop so you won't lose it).
  • Post log in your reply.


Logs to be posted:
* GMER log
* C:\NoLop.log
* fresh hjt log
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

NoLop Log

Unread postby cruach » October 20th, 2006, 1:38 pm

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Trevor Moore\Desktop
[20/10/2006]
[17:52:09]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bt Yahoo!
C:\Documents and Settings\All Users\Application Data\Erroroozewindowmpeg
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Powerquest
C:\Documents and Settings\All Users\Application Data\Qubesoft
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roboform
C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Metaproducts
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Emily Moore\Application Data\Bamzooki
C:\Documents and Settings\Emily Moore\Application Data\Changer Xp
C:\Documents and Settings\Emily Moore\Application Data\Identities
C:\Documents and Settings\Emily Moore\Application Data\Macromedia
C:\Documents and Settings\Emily Moore\Application Data\Metaproducts
C:\Documents and Settings\Emily Moore\Application Data\Microsoft
C:\Documents and Settings\Emily Moore\Application Data\Real
C:\Documents and Settings\Henry Moore\Application Data\Bamzooki
C:\Documents and Settings\Henry Moore\Application Data\Changer Xp
C:\Documents and Settings\Henry Moore\Application Data\Identities
C:\Documents and Settings\Henry Moore\Application Data\Macromedia
C:\Documents and Settings\Henry Moore\Application Data\Metaproducts
C:\Documents and Settings\Henry Moore\Application Data\Microsoft
C:\Documents and Settings\Henry Moore\Application Data\Real
C:\Documents and Settings\Henry Moore\Application Data\Stilesoft
C:\Documents and Settings\Janette Moore\Application Data\Adobe
C:\Documents and Settings\Janette Moore\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Janette Moore\Application Data\Bamzooki
C:\Documents and Settings\Janette Moore\Application Data\Changer Xp
C:\Documents and Settings\Janette Moore\Application Data\Google
C:\Documents and Settings\Janette Moore\Application Data\Identities
C:\Documents and Settings\Janette Moore\Application Data\Macromedia
C:\Documents and Settings\Janette Moore\Application Data\Metaproducts
C:\Documents and Settings\Janette Moore\Application Data\Microsoft
C:\Documents and Settings\Janette Moore\Application Data\Real
C:\Documents and Settings\Janette Moore\Application Data\Stilesoft
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Stilesoft
C:\Documents and Settings\Localservice\Application Data\Yahoo!
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Stanley Moore\Application Data\Adobe
C:\Documents and Settings\Stanley Moore\Application Data\Bamzooki
C:\Documents and Settings\Stanley Moore\Application Data\Changer Xp
C:\Documents and Settings\Stanley Moore\Application Data\Google
C:\Documents and Settings\Stanley Moore\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Stanley Moore\Application Data\Identities
C:\Documents and Settings\Stanley Moore\Application Data\Installshield
C:\Documents and Settings\Stanley Moore\Application Data\Iscreensaver
C:\Documents and Settings\Stanley Moore\Application Data\Macromedia
C:\Documents and Settings\Stanley Moore\Application Data\Metaproducts
C:\Documents and Settings\Stanley Moore\Application Data\Microsoft
C:\Documents and Settings\Stanley Moore\Application Data\Motive
C:\Documents and Settings\Stanley Moore\Application Data\Real
C:\Documents and Settings\Stanley Moore\Application Data\Robots
C:\Documents and Settings\Stanley Moore\Application Data\Stilesoft
C:\Documents and Settings\Stanley Moore\Application Data\Yahoo!
C:\Documents and Settings\Trevor Moore\Application Data\Adobe
C:\Documents and Settings\Trevor Moore\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Trevor Moore\Application Data\Apple Computer
C:\Documents and Settings\Trevor Moore\Application Data\Bamzooki
C:\Documents and Settings\Trevor Moore\Application Data\Changer Xp
C:\Documents and Settings\Trevor Moore\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Trevor Moore\Application Data\Hp
C:\Documents and Settings\Trevor Moore\Application Data\Identities
C:\Documents and Settings\Trevor Moore\Application Data\Image Zone Express
C:\Documents and Settings\Trevor Moore\Application Data\Internetcalls
C:\Documents and Settings\Trevor Moore\Application Data\Intertrust
C:\Documents and Settings\Trevor Moore\Application Data\Iscreensaver
C:\Documents and Settings\Trevor Moore\Application Data\Isolatedstorage
C:\Documents and Settings\Trevor Moore\Application Data\Last.fm
C:\Documents and Settings\Trevor Moore\Application Data\Lavasoft
C:\Documents and Settings\Trevor Moore\Application Data\Macromedia
C:\Documents and Settings\Trevor Moore\Application Data\Mailfrontier
C:\Documents and Settings\Trevor Moore\Application Data\Media Player Classic
C:\Documents and Settings\Trevor Moore\Application Data\Metaproducts
C:\Documents and Settings\Trevor Moore\Application Data\Microsoft
C:\Documents and Settings\Trevor Moore\Application Data\Motive
C:\Documents and Settings\Trevor Moore\Application Data\Mozilla
C:\Documents and Settings\Trevor Moore\Application Data\Pile Way Remote
C:\Documents and Settings\Trevor Moore\Application Data\Real
C:\Documents and Settings\Trevor Moore\Application Data\Registry Booster
C:\Documents and Settings\Trevor Moore\Application Data\Robots
C:\Documents and Settings\Trevor Moore\Application Data\Skype
C:\Documents and Settings\Trevor Moore\Application Data\Startu~1
C:\Documents and Settings\Trevor Moore\Application Data\Stilesoft
C:\Documents and Settings\Trevor Moore\Application Data\Sun
C:\Documents and Settings\Trevor Moore\Application Data\Symantec
C:\Documents and Settings\Trevor Moore\Application Data\Yahoo!
cruach
Regular Member
 
Posts: 23
Joined: October 16th, 2006, 4:10 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware