
Need urgent help


Post by maznaq » November 24th, 2007, 12:00 pm

Hi, can someone please help me? The following is my laptop's HijackThis log. I keep on getting hxxp://auth.microbillsys.com:1003/3/isvalid.php (DO NOT CLICK IT).
Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:08, on 23/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\AOL\1192809175\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\monstu.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\monrtu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809175\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mbssm32] C:\Windows\system32\monstu.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9642 bytes
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am

Re: Need urgent help

Post by Bob4 » November 24th, 2007, 1:31 pm

_________________________________
Welcome to the Forums.

Quick note: Please try not to post any links you think might be bad. Too easy for someone to accidentally click them.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.



Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!

_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths: 1 at a time.


C:\Windows\system32\monstu.exe


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky).


AVG Anti-Spyware:
________________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.


In your next reply I would like to see:
  • A new HJT log
  • The report from Jottis/Virus total
  • The report from AVG anti Spyware

Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
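
The first log in this thread can be triaged mechanically. The sketch below is an added example, not part of the original posts and not the helper's method: it parses the HijackThis sections and lists Run-key autoruns whose image sits directly in `system32`, which is an assumed heuristic for picking files to submit to a multi-engine scanner, not a verdict. The function names are hypothetical; the sample lines are excerpted from the log posted above.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\monstu.exe
c:\windows\system32\monrtu.exe
C:\Program Files\Napster\napster.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mbssm32] C:\Windows\system32\monstu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# "R1 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autorun body: HIVE\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# An .exe placed directly in system32 (no subfolder such as DRIVERS\).
SYSTEM32_EXE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.exe$", re.IGNORECASE)


def parse_log(text):
    """Return (running_processes, [(section_code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at a blank line or at the first entry.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_processes = False
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def image_path(cmd):
    """Extract the program from a Run-key command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(text):
    """Summarise a log and list files worth a second opinion from a scanner."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    candidates, orphans = [], []
    for code, body in entries:
        if body.endswith("(no file)"):
            # Registry entry whose target is missing from disk.
            orphans.append((code, body))
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:
            continue  # Startup-folder shortcuts use a different layout.
        image = image_path(m.group("cmd"))
        # Assumed heuristic: autorun image living directly in system32.
        if SYSTEM32_EXE.match(image):
            candidates.append({
                "name": m.group("name"),
                "image": image,
                "running": image.lower() in running,
            })
    return {
        "sections": Counter(code for code, _ in entries),
        "scan_candidates": candidates,
        "orphans": orphans,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for c in result["scan_candidates"]:
        print(f"submit for scanning: {c['image']} "
              f"(Run value {c['name']!r}, running={c['running']})")
    for code, body in result["orphans"]:
        print(f"orphaned entry: {code} - {body}")
```
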

Re: Need urgent help

Post by maznaq » November 24th, 2007, 2:03 pm

Scan taken on 24 Nov 2007 17:36:26 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic9.TDW
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Agent.cnm
Dr.Web Found Trojan.Xpass.origin
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Agent.cnm
Fortinet Found nothing
Ikarus Found Trojan.Win32.Agent.afi
Kaspersky Anti-Virus Found Trojan.Win32.Agent.cnm
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

**I'm updating AVG Anti-Spyware and it's informing me that malware was found. Trojan agent. It's asking me whether I'd like to clean it or not. How shall I proceed? It won't let me continue with the update.
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am

Re: Need urgent help

Post by Bob4 » November 24th, 2007, 4:22 pm

Re-read the setup instructions.


* Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Need urgent help

Post by maznaq » November 24th, 2007, 5:01 pm

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:08, on 23/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\AOL\1192809175\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\monstu.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\monrtu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809175\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mbssm32] C:\Windows\system32\monstu.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9642 bytes

**Whilst obtaining this new HijackThis log I got a message saying:

For some reason your system denied write access to the Host file. If any hijacked domains are in this file HijackThis may not be able to fix this.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:34:58 24/11/2007

+ Scan result:



:mozilla.478:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.125:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.381:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.444:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.516:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.585:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.604:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.692:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.839:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.866:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.73:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.867:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.868:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.486:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.487:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.147:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.150:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.151:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.152:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.153:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.154:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.34:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.160:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.161:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.162:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.163:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.164:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.331:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.111:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.184:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.848:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.849:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.456:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.824:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.862:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.863:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.864:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.605:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.55:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.832:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.833:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.109:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.110:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.112:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.113:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.114:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.115:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.276:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.277:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.519:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.576:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.645:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.646:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.654:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.725:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.753:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.206:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.46:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.47:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.48:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.537:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.595:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.877:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.878:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.885:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.470:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.556:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.557:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.686:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.299:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.337:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.406:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.407:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.565:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.566:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.177:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.178:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.577:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.175:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.176:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.76:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.283:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.284:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.285:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.286:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.287:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.288:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.289:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.663:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.664:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.355:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.356:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.861:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.687:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.35:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.36:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.37:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.38:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.39:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.40:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.41:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.42:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.43:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.44:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.45:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.62:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.63:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.64:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.65:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.66:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.67:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.642:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.829:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.830:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.906:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.907:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.745:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.746:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.258:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.259:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.260:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.261:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.262:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.263:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.264:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.265:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.266:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.267:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.268:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.426:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.54:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.60:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.156:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.157:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.158:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.159:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.53:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.362:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.201:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.350:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.351:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.352:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.353:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.354:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.623:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.624:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.625:C:\Users\Athar Abbas\AppData\Roaming\Mozilla\Firefox\Profiles\03e6x9n5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Windows\System32\monstu.exe -> Trojan.Agent.cnm : Cleaned with backup (quarantined).


::Report end


The report from Jottis
Scan taken on 24 Nov 2007 17:36:26 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic9.TDW
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Agent.cnm
Dr.Web Found Trojan.Xpass.origin
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Agent.cnm
Fortinet Found nothing
Ikarus Found Trojan.Win32.Agent.afi
Kaspersky Anti-Virus Found Trojan.Win32.Agent.cnm
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am

Re: Need urgent help

Unread postby Bob4 » November 24th, 2007, 5:43 pm

Please repost a new HJT log for me.

Rerun HJT completely.

I see things running that have been deleted. I want to be sure.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Need urgent help

Unread postby maznaq » November 24th, 2007, 5:55 pm

i ran HJT as administrator and got the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:25, on 24/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\AOL\1192809175\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809175\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9632 bytes
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am
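
A triage pass over HijackThis logs like the two posted in this thread, as an added example that is not part of the original posts. It parses a log, flags orphaned "(no file)" entries and an msconfig.exe /auto Run entry (the two items the next reply acts on), and lists processes that ran in the first log but not in the second. The function names are hypothetical, and the embedded excerpts are trimmed from the logs above.

```python
import re

# Excerpts trimmed from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\monstu.exe
"""

LOG_AFTER = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"""

# HijackThis entry lines start with a section code such as R1, O2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A Run entry that starts msconfig.exe with /auto (selective startup in use).
MSCONFIG_AUTO_RE = re.compile(r'msconfig\.exe"?\s+/auto\b', re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(entries):
    """Flag orphaned entries and an msconfig /auto startup entry."""
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            # The registry entry survives but the file it points to is gone.
            findings.append(("orphaned", code, body))
        elif code == "O4" and MSCONFIG_AUTO_RE.search(body):
            findings.append(("msconfig-auto", code, body))
    return findings


def processes_gone(before, after):
    """Processes in the earlier log that are absent from the later one.

    Windows paths are case-insensitive, so compare them lowercased.
    """
    still_running = {p.lower() for p in after}
    return [p for p in before if p.lower() not in still_running]


if __name__ == "__main__":
    before = parse_hjt(LOG_BEFORE)
    after = parse_hjt(LOG_AFTER)
    for kind, code, body in triage(after["entries"]):
        print(f"[{kind}] {code} - {body}")
    for proc in processes_gone(before["processes"], after["processes"]):
        print(f"[no longer running] {proc}")
```
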

Re: Need urgent help

Unread postby Bob4 » November 24th, 2007, 6:10 pm

That's better. I always need a new scan after you do everything else.


I see that you have msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type or copy msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. When it asks to restart please do so.






______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    (Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky.)


_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

_______________________________________________________



You need to update SunJava for security reasons.
Updating Java:
Download the latest version of
[url=http://java.sun.com/javase/downloads/index.jsp]Java Runtime Environment (JRE) 6 Update 3
[/url]
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3
    ... allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe
    to install the newest version.

_________________________________________________

Post a new HJT log
and
The report from Kaspersky
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Need urgent help

Post by maznaq » November 25th, 2007, 8:04 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:25, on 24/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\AOL\1192809175\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809175\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9632 bytes


**Didn't allow me to save the report from Kaspersky after the scan on the desktop, due to my computer's security. After restarting the computer I can't find the report, but the scan showed no malware found.
thanks
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am

Re: Need urgent help

Post by Bob4 » November 25th, 2007, 9:05 am

_________________________________
We need to disable Windows Defender.
A good program but may interfere with our fixes.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender


______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

___________________________


Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\monrtu.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • Close OTMoveIt
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")




____________________________

Sorry about the typo. I suppose that's why Java hasn't been updated.

You need to update SunJava for security reasons.
Updating Java:
Download the latest version of Java from:
Java downloads

You're looking for
(JRE) 6 Update 3

  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3
    ... allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe
    to install the newest version.

_____________________________

Next reply I need:
  • a new HJT log
  • The report from OTMoveIt
  • Also let me know how things are running.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Need urgent help

Post by maznaq » November 25th, 2007, 9:33 am

The following was not present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

obtain the following saved log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:52, on 25/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1192809175\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809175\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9411 bytes


Whilst pasting on OTMoveIt I got the following message:

Cannot Create File C:\_OTMoveIt\MovedFiles\11252007_132611.log

following was in the result table

File/Folder not found.
File/Folder c:\windows\system32\monrtu.exe not found.

Created on 11/25/2007 13:26:11.


I'm about to update java.
Computer is running better. The website has not popped up again.
Thanks for your help.
Also, what can I delete from the desktop that I have downloaded, such as the installations?
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am

Re: Need urgent help

Post by Bob4 » November 25th, 2007, 11:27 am

The idea behind me getting the new HJT log was to see 2 things.
1. That the O2 line I asked you to remove was gone. Which you said it was.

2. That java was updated.

Please post that when you have completed updating.
Then, now that you are clean, we will go through the cleanup process to remove anything we used that you don't need.
Bob4
MRU Master
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
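
Added example (not part of any post in this thread, and not a HijackThis or forum tool): a Python sketch of the two checks described in the post above, comparing an earlier and a later HijackThis log to confirm that the orphaned O2 BHO entry is gone and that every Java path points at the updated JRE. The function names are hypothetical; the sample logs are short excerpts of lines from this thread's 24/11 and 26/11 logs.

```python
import re

# A HijackThis entry line: section code ("R1", "O2", "O23", ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
JRE_RE = re.compile(r"\\Java\\(jre[0-9._]+)\\", re.IGNORECASE)

# Excerpt of the 24/11/2007 log in this thread (trimmed for the example).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Java\jre1.6.0\bin\jusched.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
"""

# Excerpt of the 26/11/2007 log in this thread (trimmed for the example).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"""


def parse_hjt(text):
    """Return (code, body) for each R*/O* entry; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").rstrip()))
    return entries


def orphaned_bhos(entries):
    """CLSIDs of O2 (BHO) entries that HijackThis marks as '(no file)'."""
    found = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            if m:
                found.append(m.group(0).upper())
    return found


def jre_versions(entries):
    """Set of JRE directory names (e.g. 'jre1.6.0_03') referenced by any entry."""
    versions = set()
    for _code, body in entries:
        versions.update(v.lower() for v in JRE_RE.findall(body))
    return versions


def verify_cleanup(before_text, after_text, target_clsid, expected_jre):
    """Compare two logs and report on the two checks the helper asked for."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    orphans_after = orphaned_bhos(after)
    jre_after = jre_versions(after)
    return {
        "target_removed": target_clsid.upper() not in orphans_after,
        "orphans_remaining": sorted(orphans_after),
        "jre_before": sorted(jre_versions(before)),
        "jre_after": sorted(jre_after),
        # True only if no entry still points at an older JRE directory.
        "java_updated": jre_after == {expected_jre.lower()},
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
    }


if __name__ == "__main__":
    report = verify_cleanup(
        BEFORE_LOG, AFTER_LOG,
        "{7E853D72-626A-48EC-A868-BA8D5E23E045}", "jre1.6.0_03",
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

The entry diff also surfaces changes nobody asked about, such as the `MSConfig ... /auto` Run entry disappearing once the startup items were re-enabled.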

Re: Need urgent help

Post by maznaq » November 26th, 2007, 5:36 am

Hi this is the new HJT.
thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:45, on 26/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1192809175\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809175\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9585 bytes
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am

Re: Need urgent help

Unread postby Bob4 » November 26th, 2007, 2:30 pm

Looks good, just a couple of entries and we're done.
_________________________________
We need to disable Windows Defender.
A good program, but it may interfere with our fixes.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender
______________________________
HJT
Run HijackThis, choose Scan only, and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O13 - Gopher Prefix:


___________________________________

This process is going to clean up some of the tools we have used.

  • Open OTmoveit.
  • Click on Cleanup!.
  • Allow it to access the internet if any security software asks about it.

    It will ask you if you want to start the clean up process:
  • Click yes.
  • When it's ready it will ask you to reboot.
    Do so now.
    Then finish up with the rest of the instructions.

__________________________________

Post one last HJT log.

And let me know everything is still OK.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
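
A small triage helper for logs like the one in this thread, added here as an example and not part of the posters' instructions or of HijackThis itself: it groups entries by section code, lists entries that name a setting but hold no data (true of both lines in the fix list above), and lists services for which the log shows `Unknown owner`. The sample lines and all function names are constructed for the illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O13 - Gopher Prefix:
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
--
End of file - 9585 bytes
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log_text):
    """Return (section code, body) for each HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def has_empty_value(code, body):
    """True when the line names a setting but carries no data."""
    if code.startswith("R"):
        # R-lines read "<key>,<value name> = <data>"
        _, sep, data = body.partition(" =")
        return bool(sep) and not data.strip()
    # O-lines such as "Gopher Prefix:" stop right after the colon
    return body.endswith(":")

def triage(log_text):
    entries = parse(log_text)
    return {
        "counts": Counter(code for code, _ in entries),
        "empty": [e for e in entries if has_empty_value(*e)],
        # "Unknown owner" only means the log shows no vendor name for the file.
        "no_vendor": [b for c, b in entries
                      if c == "O23" and " - Unknown owner - " in b],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
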

Re: Need urgent help

Unread postby maznaq » November 27th, 2007, 12:08 pm

OTMoveIt won't allow me to clean up. It says operation not allowed.
maznaq
Active Member
 
Posts: 9
Joined: November 24th, 2007, 11:56 am