Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help please

Unread postby robby » April 26th, 2008, 7:29 am

Help please! I am no expert at computers at all. I have downloaded AVG free edition & PC tools spyware doctor in an attempt to free my computer from unwanted "going ons" there's been some weird things going on with my computer and i need some expert advice to save me! Here's my hijack this logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:35 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk571YYAU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://images.google.com.au/images?q=tb ... 520cat.gif

--
End of file - 6462 bytes
robby
Active Member
 
Posts: 10
Joined: April 26th, 2008, 6:47 am
Advertisement
Register to Remove

Re: Help please

Unread postby dan12 » April 26th, 2008, 4:14 pm

welcome to malwareremoval forums

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby dan12 » April 26th, 2008, 4:15 pm

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


please post back with: text file and a new highjackthis log.
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby robby » April 30th, 2008, 3:05 am

thanks for the speedy reply dan. Here are the following scans you requested. Cheers Rob

SmitFraudFix v2.319

Scan done at 16:46:28.65, Wed 04/30/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OWNER\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://images.google.com.au/images?q=tbn:tmFOuiQPhypY_M:http://plusinfo.jeonju.ac.kr/photos/web_Image/Felix%2520the%2520cat.gif"
"SubscribedURL"="http://images.google.com.au/images?q=tbn:tmFOuiQPhypY_M:http://plusinfo.jeonju.ac.kr/photos/web_Image/Felix%2520the%2520cat.gif"
"FriendlyName"=""


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 10.1.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:23 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk571YYAU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://images.google.com.au/images?q=tb ... 520cat.gif

--
End of file - 6495 bytes
robby
Active Member
 
Posts: 10
Joined: April 26th, 2008, 6:47 am

Re: Help please

Unread postby dan12 » April 30th, 2008, 3:24 am

Download and Install CCleaner
  • Download CCleaner from here . Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

-------------------------------

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

----------------------------------

Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

-------------------------------


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply, along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.


__________________



: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

Please include in your next post:
  • rapport txt
  • Malwarebytes log
  • Installed Programs List
  • New highjackthis log

Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby robby » April 30th, 2008, 11:53 pm

hello again dan, here are the new logs as requested. Thanks for your excellent clear instructions! Cheers Robyn

SmitFraudFix v2.319

Scan done at 12:34:06.54, Thu 05/01/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0FEC397E-DBD4-48EE-A9BC-A467D03C774F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D35A156E-BAF0-4D9D-B32A-49E3B4AEFADA}: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Malwarebytes' Anti-Malware 1.11
Database version: 704

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 64755
Time elapsed: 42 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 37
Files Infected: 145

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
HKEY_CURRENT_USER\Software\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Config (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\LA (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Tools (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\PGBase (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase\database (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\Download (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\Common Files\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\AntiVirusForAll\AVQuar (Rogue.AntiVirusForAll) -> No action taken.
C:\WINDOWS\system32\892267 (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> No action taken.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AntivirusForAll\Activate.exe (Rogue.PCSecureSystem) -> No action taken.
C:\Program Files\AntivirusForAll\sqlite3.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\reload.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\ptask.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\dhlp.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\AntivirusForAll\Up\gup.exe (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP199\A0017719.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP199\A0017720.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017768.sys (Rogue.PCSecureSystem) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017769.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017770.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017771.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017773.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017774.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017781.exe (Rogue.WinPCDoctor) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017782.exe (Rogue.WinPCDoctor) -> No action taken.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP203\A0017806.dll (Rogue.WinPCDoctor) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016A2CC.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016A5DA.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016A899.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0016ACB0.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0002ACE0 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0016DB32.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AntiVirusForAll\unins000.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\unins000.exe (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\scnkrnl.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\al.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\settings.ini (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\ResErrors.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\FWSettings.bin (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\main.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\sr.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\history.db (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\BkSites.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\incmp.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\index.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\cd.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\pv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\bnlink.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Dat\Activate.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Config\pgs.xml (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\BORLNDMM.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANADWR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANBCDR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANDLDR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANDOS1.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANEMUL.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANFUNC.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANMCR1.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANOTHR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANSCR.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANTOOL.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANTROJ.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANWIN1.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNACPU.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNADBX.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\unamscan.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNMIME.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACK.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACKS.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACKS2.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPEPACK.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\vbpv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27601.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27602.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27603.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27604.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UADAILY.DLL (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase\vbpv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\AWBase\database\enemies.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Engines\PGBase\vbpv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\cross.gif (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\ga6p.gif (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\main.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\mini.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\support.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\uninstall.ico (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\Support.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\Online.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\kb.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Graphics\rm.url (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\up.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\updater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\UBupdater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\ASupdater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Up\PGupdater.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\LA\License.rtf (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\LA\lapv.dat (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Tools\sbiebho.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Program Files\AntiVirusForAll\Tools\pblock.dll (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs\threats.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs\update.log (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\Contact Customer Support.lnk (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\Uninstall AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> No action taken.

INSTALLED PROGRAMS LIST:
15 Awesome Card & Board Games
Acer eManager for Notebook
Acer ePowerManagement
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
Arcade 3.0
AVG 7.5
CCleaner (remove only)
Google Photos Screensaver
Google Updater
HijackThis 2.0.2
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP PSC & OfficeJet 4.2
HP Software Update
HP Solution Center 7.0
HPSU306Stub
Intel(R) Extreme Graphics 2 Driver
Internet Service
iTunes
J2SE Runtime Environment 5.0 Update 6
Launch Manager
LimeWire 4.10.9
LiveUpdate BVRP Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
mobile PhoneTools
Mozilla Firefox (2.0.0.11)
My Web Search (Smiley Central)
Nokia Connectivity Cable Driver
Nokia PC Suite
NTI Backup NOW! 3
NTI CD & DVD-Maker Gold
OCR Software by I.R.I.S 7.0
Overland
PC Connectivity Solution
Picasa 2
PowerProducer
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Sansa Media Converter
Secure Browsing
Spyware Doctor 5.5
Synaptics Pointing Device Driver
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:19 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk571YYAU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6072 bytes
robby
Active Member
 
Posts: 10
Joined: April 26th, 2008, 6:47 am

Re: Help please

Unread postby dan12 » May 1st, 2008, 12:29 am

Thanks for the returned logs I will go through them soon,However it seems from your malwarebytes log you didn't click on fix items
as there was no action taken on the infected files. You will need to run again and click fix items when the scans finished :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby robby » May 1st, 2008, 8:36 pm

thanks I'll re-do that
oops
robby
Active Member
 
Posts: 10
Joined: April 26th, 2008, 6:47 am

Re: Help please

Unread postby robby » May 1st, 2008, 10:31 pm

Hi Dan, Sorry bout that little blonde moment :oops: I have re-done the malwarebytes scan and removed infected files so, here is a new malwarebytes log and highjackthis log. Cheers, Robyn

Malwarebytes' Anti-Malware 1.11
Database version: 704

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 68367
Time elapsed: 1 hour(s), 34 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 37
Files Infected: 145

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Config (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\LA (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Tools (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\AWBase (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\PGBase (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\AWBase\database (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up\Download (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\AntiVirusForAll\AVQuar (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\892267 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusForAll\Activate.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusForAll\sqlite3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusForAll\reload.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusForAll\ptask.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusForAll\dhlp.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusForAll\Up\gup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP199\A0017719.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP199\A0017720.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017768.sys (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017769.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017770.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017771.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017773.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017774.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017781.exe (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP201\A0017782.exe (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8399146D-CC1C-4DBE-A574-370D6E9F04C5}\RP203\A0017806.dll (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0016A2CC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0016A5DA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0016A899.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0016ACB0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002ACE0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0016DB32.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\unins000.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\unins000.exe (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\scnkrnl.dll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\al.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\settings.ini (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\ResErrors.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\FWSettings.bin (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\main.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\sr.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\history.db (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\BkSites.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\incmp.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\index.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\cd.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\pv.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\bnlink.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Dat\Activate.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Config\pgs.xml (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\BORLNDMM.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANADWR.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANBCDR.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANDLDR.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANDOS1.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANEMUL.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANFUNC.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANMCR1.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANOTHR.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANSCR.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANTOOL.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANTROJ.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\SCANWIN1.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNACPU.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNADBX.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\unamscan.dll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNMIME.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACK.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACKS.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPACKS2.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UNPEPACK.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\vbpv.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27601.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27602.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27603.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UA27604.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\plugins\UpDate\UADAILY.DLL (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\AWBase\vbpv.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\AWBase\database\enemies.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Engines\PGBase\vbpv.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\cross.gif (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\ga6p.gif (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\main.ico (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\mini.ico (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\support.ico (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\uninstall.ico (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\Support.url (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\Online.url (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\kb.url (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Graphics\rm.url (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up\up.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up\updater.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up\UBupdater.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up\ASupdater.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Up\PGupdater.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\LA\License.rtf (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\LA\lapv.dat (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Tools\sbiebho.dll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusForAll\Tools\pblock.dll (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs\threats.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntiVirusForAll\Logs\update.log (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\Contact Customer Support.lnk (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirusForAll\Uninstall AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AntivirusForAll.lnk (Rogue.AntiVirusForAll) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:04 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk571YYAU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6073 bytes
robby
Active Member
 
Posts: 10
Joined: April 26th, 2008, 6:47 am

Re: Help please

Unread postby dan12 » May 2nd, 2008, 2:41 pm

Sorry for delay, not forgotten you :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby dan12 » May 2nd, 2008, 2:48 pm

Logs looking a lot better.


P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire, however that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.

________________________

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk571YYAU

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit



Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate J2SE Runtime Environment 5.0 Update 6 and click on Change/Remove to uninstall it.
  2. Repeat for these old versions of JRE:
      just the one mentioned
  3. Click here to visit Java's website.
  4. Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  5. Select Windows from the drop-down list for Platform.
  6. Select Multi-language from the drop-down list for Language.
  7. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  8. Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  9. Run this installation to update your Java.




Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

post me the eset report and a HJT log
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby robby » May 5th, 2008, 6:31 am

Hi Dan, i have uninstalled limewire i had no idea it was so dangerous for my puter. I have installed the updated java thanx. i ran the Eset scan as u asked and it came back all clear but i could not access the log the way u asked so i couldn't include that sorry, also when i installed Eset i wasn't prompted for ActivX??? My computer seems to be running heaps better and i really appreciated all the fantastic help, YOUR MY HERO!!!!! :) Here's the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:57 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6000 bytes
robby
Active Member
 
Posts: 10
Joined: April 26th, 2008, 6:47 am

Re: Help please

Unread postby dan12 » May 5th, 2008, 6:56 am

Hi, Robby,
pleased things are a lot better for you :)
You should find the log for eset here: C:\Program Files\esetonlinescanner\log.txt
I will look over the returned log shortly :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby dan12 » May 5th, 2008, 7:03 am

Hi Robby, told you wouldn't be long
remember we only want one of the products on your system.

There is no sign of a Third Party Firewall installed on your system.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

There are several possible reasons for the Firewall not showing.
  1. You are using Windows Firewall. This is not recommended as it will only stop incoming material. It permits all outgoing traffic.
  2. You are using a hardware firewall. It should be complemented with a Third Party Software Firewall
  3. You have a firewall, but you disabled it. Please re-enable it.
  4. You don't have a firewall at all.

If you don't have a third party firewall, please get ONE firewall and install it. Restart the computer for changes to take effect.

Online Armor
Comodo Personal Firewall

Please post back a new HijackThis log after installing the firewall.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Help please

Unread postby NonSuch » May 12th, 2008, 12:08 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 303 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware