Free Malware Removal Forum

[muppy03]

Hi, Things are looking much better, are you having any problems?

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 13.

• Go to Java Site
• Click to Download Java SE Runtime Environment (JRE) 6 Update 13
• In Platform box choose Windows.
• Check the box to Accept License Agreement and click Continue.
• Click on Windows Offline Installation, click on the link under it which says "jre-6u13-windows-i586-p.exe" and save the downloaded file to your desktop.
• Go to Start => Control Panel => Add or Remove Programs
• Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
• Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
• Reboot your computer

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Remove Norton

Note : You should first attempt to remove your Norton product using Add/Remove Programs in the Windows Control Panel (Programs and Features, in Windows Vista). This is the best method. After uninstalling using Windows Add/Remove Programs, run the Norton Removal Tool to ensure successful removal of all Norton references.

Please go to this -page- and select the product you have


1 Download the Norton Removal Tool.
Save the file to the Windows desktop.
2 On the Windows desktop, double-click the Norton Removal Tool icon.
3 Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Please reply with:-

• New HJT log
• Answer to how things are going

[BZanny]

Ok well things seem to be running pretty well, machine speed seems to be ok, the 'security' pop ups are gone as are the internet explorer pop ups as well



Here's the HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:35, on 28/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1127814133\ee\AOLHostManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1127814133\ee\AOLServiceHost.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\system32\UAService7.exe
c:\program files\common files\aol\1127814133\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127814133\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127814133\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8530 bytes


Thanks

[muppy03]

Hi,

Ok Logs are all looking good. I would recommend un-installing the ASK Toolbar. (It was installed along with Zonealarm) You can do this through Add/Remove Programs.

Go to Start-Settings-Control Panel, click on Add remove Programs. Click on Ask Toolbar to highlight it, and click on remove. Then close the Control Panel.


Next Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

Once selected close all windows except HJT an click on Fix Checked

Lets clean up some of the tools we used

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
• 

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

NEXT

• Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

MBAM and ATF are great tools for you to keep and use on a regular basis.

Let me know when the above is done and we can go on to some final instructions

[BZanny]

Ok thanks so far, I can't seem to find the ASK toolbar on the add/remove page, so as have yet to carry out any requested steps

[muppy03]

Ok thanks so far, I can't seem to find the ASK toolbar on the add/remove page, so as have yet to carry out any requested steps

Not a problem

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  

  Code: Select all

  Folder::
  C:\Program Files\AskBarDis
  
  Registry:: 
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
  
  

  
  
• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• If you need help to disable your protection programs see here.
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Please reply with:-

• New HJT log
  
• Combofix log
  

[BZanny]

ok, Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:23, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1127814133\ee\AOLHostManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1127814133\ee\AOLServiceHost.exe
c:\program files\common files\aol\1127814133\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127814133\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127814133\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8072 bytes



and the combofix log



ComboFix 09-04-30.05 - HP_Owner 01/05/2009 7:57.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.247.99 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\000A8377
c:\program files\AskBarDis\bar\Cache\000A8E16
c:\program files\AskBarDis\bar\Cache\000A91A0.bin
c:\program files\AskBarDis\bar\Cache\000A95E6.bin
c:\program files\AskBarDis\bar\Cache\000A9847.bin
c:\program files\AskBarDis\bar\Cache\000A9AC8.bin
c:\program files\AskBarDis\bar\Cache\000A9D58.bin
c:\program files\AskBarDis\bar\Cache\000A9F1D.bin
c:\program files\AskBarDis\bar\Cache\000AA0F2.bin
c:\program files\AskBarDis\bar\Cache\000AA2C7.bin
c:\program files\AskBarDis\bar\Cache\000AA567.bin
c:\program files\AskBarDis\bar\Cache\000AA74B.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskBarDis\zonealarm.ico

.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-28 10:38 . 2009-04-28 10:38 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-28 10:16 . 2009-04-28 10:16 -------- d-----w c:\program files\Java
2009-04-21 23:55 . 2009-04-21 23:55 -------- d-----w c:\program files\SilverCreekCommonFiles
2009-04-21 23:55 . 2009-04-22 16:37 -------- d-----w c:\program files\Hardwood Euchre
2009-04-21 16:01 . 2009-04-21 16:01 -------- d-----w c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2009-04-21 15:55 . 2009-04-27 16:48 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-21 15:54 . 2009-04-21 15:54 -------- d-----w c:\program files\Avira
2009-04-21 15:54 . 2009-04-21 15:54 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-20 16:49 . 2009-04-20 16:49 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-20 16:48 . 2009-02-15 23:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-20 16:48 . 2009-04-20 16:49 -------- d-----w c:\windows\system32\ZoneLabs
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\Zone Labs
2009-04-20 16:38 . 2009-05-01 06:50 -------- d-----w c:\windows\Internet Logs
2009-04-20 16:10 . 2009-04-20 16:10 -------- d-----w c:\program files\AVG
2009-04-20 16:10 . 2009-04-21 15:09 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 16:24 . 2009-04-19 16:24 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\SupportSoft
2009-04-15 18:11 . 2009-04-15 18:24 304160 ----a-w C:\StiImg.dat
2009-04-15 18:09 . 2005-01-14 08:32 53248 ----a-w c:\windows\system32\PAStiSvc.exe
2009-04-15 18:03 . 2009-04-15 18:03 -------- d-----w c:\windows\PixArt
2009-04-15 18:03 . 2009-04-15 18:03 -------- d-----w c:\program files\Common Files\PCCamera
2009-04-15 18:03 . 2009-04-15 18:03 -------- d-----w c:\program files\Trust
2009-04-09 00:09 . 2009-04-28 10:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-09 00:04 . 2009-04-09 00:04 -------- d-----w C:\_OTMoveIt
2009-04-08 08:25 . 2009-04-08 08:25 -------- d-----w C:\rsit
2009-04-08 00:32 . 2009-04-08 00:32 -------- d-----w c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-04-08 00:32 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-08 00:32 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 00:32 . 2009-04-08 00:32 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 00:32 . 2009-04-08 00:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 20:16 . 2009-04-02 20:16 -------- d-----w c:\program files\MSXML 4.0
2009-04-02 17:27 . 2009-04-02 18:42 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-02 17:22 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-02 17:22 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-02 17:19 . 2009-02-06 17:22 2136064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-02 17:19 . 2009-02-06 17:24 2180480 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-02 17:19 . 2009-02-06 16:49 2015744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-02 17:19 . 2009-02-06 16:49 2057728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-02 17:18 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-02 17:15 . 2009-04-02 17:15 -------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2009-04-02 17:13 . 2009-04-02 17:15 -------- d-----w c:\program files\TalkTalk
2009-04-02 17:06 . 2009-04-02 17:06 -------- d-----w c:\documents and settings\HP_Owner\Local Settings\Application Data\SupportSoft
2009-04-02 16:55 . 2009-04-02 16:55 -------- d-----w c:\program files\Common Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 20:41 . 2005-03-18 12:53 -------- d-----w c:\program files\Diablo II
2009-04-28 16:21 . 2004-01-02 06:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-28 16:11 . 2004-01-02 06:47 -------- d-----w c:\program files\Symantec
2009-04-28 10:36 . 2004-11-19 17:26 -------- d-----w c:\program files\Common Files\Adobe
2009-04-25 23:32 . 2009-04-26 09:19 1413632 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-04-15 18:04 . 2004-01-02 02:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 17:22 . 2005-08-23 21:29 -------- d-----w c:\program files\Hero Editor
2009-04-03 00:48 . 2007-11-21 18:40 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-02 18:20 . 2005-03-18 13:00 39061 -c--a-w c:\windows\DIIUnin.dat
2009-04-02 18:17 . 2008-07-17 09:35 43520 -c--a-w c:\windows\system32\CmdLineExt03.dll
2009-04-02 17:12 . 2007-11-21 18:29 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 14:44 . 2004-01-01 18:30 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2004-01-01 18:31 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-01-01 18:29 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-01-01 18:30 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-01-01 18:29 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-01-02 08:03 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-01-01 18:22 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-01-01 18:31 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2004-01-01 18:30 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-01-01 18:30 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-01-01 18:30 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-04 05:59 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-01-01 18:30 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-22_12.27.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 06:46 . 2009-05-01 06:46 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2004-10-24 13:00 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
- 2004-10-24 13:00 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-01-02 06:44 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ps2.bat
+ 2004-01-02 06:25 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0007\DriverFiles\ps2.bat
+ 2004-01-02 05:58 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ps2.bat
+ 2004-01-02 05:02 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0005\DriverFiles\ps2.bat
+ 2004-01-02 05:18 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0004\DriverFiles\ps2.bat
+ 2004-01-02 04:31 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0003\DriverFiles\ps2.bat
+ 2004-10-24 12:55 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ps2.bat
+ 2004-01-02 04:49 . 2002-10-16 16:57 81920 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ps2.bat
+ 2004-01-02 02:51 . 2002-10-16 16:57 81920 c:\windows\system32\ps2.bat
+ 2004-01-02 01:13 . 2004-08-04 10:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-04-21 15:55 . 2009-04-27 16:48 96104 c:\windows\system32\drivers\avipbb.sys
+ 2004-10-06 12:42 . 2004-08-04 03:00 2589 c:\windows\I386\RUNW32.BAT
+ 2009-04-28 10:17 . 2009-04-28 10:17 148888 c:\windows\system32\javaws.exe
- 2009-04-09 00:09 . 2009-04-09 00:08 148888 c:\windows\system32\javaws.exe
+ 2009-04-28 10:17 . 2009-04-28 10:17 144792 c:\windows\system32\javaw.exe
- 2009-04-09 00:09 . 2009-04-09 00:08 144792 c:\windows\system32\javaw.exe
+ 2009-04-28 10:17 . 2009-04-28 10:17 144792 c:\windows\system32\java.exe
- 2009-04-09 00:09 . 2009-04-09 00:08 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-21 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-18 26112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-01-02 98304]
"HostManager"="c:\program files\Common Files\AOL\1127814133\ee\AOLHostManager.exe" [2005-07-29 159832]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-28 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0b\aoltray.exe [2005-3-18 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=

R2 ASKService;ASKService; [x]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2004-04-27 152576]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\r11qcvrb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk/
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-01 8:00
ComboFix-quarantined-files.txt 2009-05-01 07:00
ComboFix2.txt 2009-04-22 12:30
ComboFix3.txt 2009-04-20 15:45

Pre-Run: 134,159,613,952 bytes free
Post-Run: 134,158,745,600 bytes free

212 --- E O F --- 2009-04-23 02:04



Thanks

[muppy03]

Nice

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)

Once selected close all windows except HJT an click on Fix Checked

Any other problems? If not continue below


Lets clean up some of the tools we used

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
• 

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

NEXT

• Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

MBAM and ATF are great tools for you to keep and use on a regular basis.

Let me know when the above is done and we can go on to some final instructions

[BZanny]

ok well all instructions are done PC takes longer to start up, but that seems due to the new measures on there.

I'm ready and waiting for final instructions, and if I forget to say it, thanks for the help, it has been good, concise and easy to follow

look forward to your reply (btw are the aussies winning the ashes ?)

[muppy03]

Hi there,

btw are the aussies winning the ashes

For my sake I really hope not!? GaryR will have me in chains and locked in the dungeon if we do!

Start up should not really be any longer as to what we did here. You do have quite a large list of programs that start up when Computer is turned on. The following programs are not required to run on start up. You can follow the below step if you want to. Note: Fixing these 04 entries will NOT delete the program ONLY stop them starting up when computer is turned on. Apart from the ones listed below you have several others that are deemed users choice as to whether they want them running at start up or not. If computer start up time is a problem then it might be wise investigating what you really need when computer is first turned on.


Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe


Once selected close all windows except HJT an click on Fix Checked

Other than that all looks good so If you are not having any further problems, I would suggest you proceed as follows to provide extra protection for future safe internet use.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
  
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Note: You don't really need both Teatimer AND Winpatrol. I prefer Winpatrol, because it notifies about system changes, but doesn't intrude unless instructed.

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm


Read some information here how to prevent Malware.

Happy Safe Surfing

[BZanny]

Ok all sorted, many thanks for your help, and hope you don't get locked in the dungeon


Thanks

[muppy03]

[NonSuch]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.