We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Help - Have I got rid of Trojans?
AuntyJean
Posts: 589 Forumite
in Techie Stuff
Thanks to Browntoa for suggesting I start a new post.
Firstly, OH lent laptop to daughter and when it was returned he could not log on and she had forgotten the password. We eventually got round this with the help of a friend and then found the hard drive had been partitioned with E being the local disk with a capacity of 5.94 GB of which 5.81 GB has been used.
He only uses it for internet access (internet banking, yahoo messaging etc.) and the E drive contains folders
$VAULT$.AVG
+Documents and Settings
Drivers
+Program Files
+SMRTNTKY
TEMP
+Windows
The C drive has a capacity of 19.5 GB of which 1.75 GB is used
Then there is a backup drive D with a capacity of 11.7 GB of which 4.57 GB is used and which contains
+DRIVER
+MOVIES
+TOOLS
When he had problems we tried inserting the Operating System Installation CD and the ended up having to choose between MS Windows XP Home Edition and MS Windows XP Professional SP2.
Choosing the first one resulted in a screen with no icons so chose the second one which resulted in all the correct icons appearing but advising that we may be a victim of counterfeiting.
Learnt to live with this but then had a trojan (using Avast and Zone alarm, both free versions).
Followed the thread http://forums.moneysavingexpert.com/showthread.html?t=1388803
and got the following results
Malwarebytes' Anti-Malware 1.32
Database version: 1640
Windows 5.1.2600 Service Pack 2
11/01/2009 07:52:47
mbam-log-2009-01-11 (07-52-47).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 85392
Time elapsed: 17 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
E:\Documents and Settings\stephen123\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Files Infected:
E:\Documents and Settings\stephen123\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
E:\Documents and Settings\stephen123\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Fixed the problem, rebooted then had this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:37:14, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
E:\WINDOWS\V0230Mon.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\RALINK\Common\RaUI.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Malwarebytes' Anti-Malware\downloads\HijackThis.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UnlockerAssistant] E:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KelsPakSoft] E:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVFX Engine] E:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] E:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [359F5809-00B8-4455-A73A-9EA62A51101B] "E:\Documents and Settings\All Users\Application Data\330B2A9A.exe"
O4 - HKLM\..\Run: [744391432] "E:\Documents and Settings\All Users\Application Data\56834638\744391432.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [9129890cf88bf54cb17aa276c2ca0b87] E:\DOCUME~1\ALLUSE~1\Desktop\DOWNLO~1\BASS_T~1.EXE /r
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 10017 bytes
However, laptop very slow, desktop baground keeps removing itself (changes to none) and still getting the counterfeiting message.
We presume that someone installed XP professional as we cannot find the disk but reverting to Home Edition removes access to all the programs in the XP professional edition.
He just wants his PC back to how it was - any ideas please?
Firstly, OH lent laptop to daughter and when it was returned he could not log on and she had forgotten the password. We eventually got round this with the help of a friend and then found the hard drive had been partitioned with E being the local disk with a capacity of 5.94 GB of which 5.81 GB has been used.
He only uses it for internet access (internet banking, yahoo messaging etc.) and the E drive contains folders
$VAULT$.AVG
+Documents and Settings
Drivers
+Program Files
+SMRTNTKY
TEMP
+Windows
The C drive has a capacity of 19.5 GB of which 1.75 GB is used
Then there is a backup drive D with a capacity of 11.7 GB of which 4.57 GB is used and which contains
+DRIVER
+MOVIES
+TOOLS
When he had problems we tried inserting the Operating System Installation CD and the ended up having to choose between MS Windows XP Home Edition and MS Windows XP Professional SP2.
Choosing the first one resulted in a screen with no icons so chose the second one which resulted in all the correct icons appearing but advising that we may be a victim of counterfeiting.
Learnt to live with this but then had a trojan (using Avast and Zone alarm, both free versions).
Followed the thread http://forums.moneysavingexpert.com/showthread.html?t=1388803
and got the following results
Malwarebytes' Anti-Malware 1.32
Database version: 1640
Windows 5.1.2600 Service Pack 2
11/01/2009 07:52:47
mbam-log-2009-01-11 (07-52-47).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 85392
Time elapsed: 17 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
E:\Documents and Settings\stephen123\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Files Infected:
E:\Documents and Settings\stephen123\Start Menu\Programs\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
E:\Documents and Settings\stephen123\Desktop\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
Fixed the problem, rebooted then had this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:37:14, on 11/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
E:\WINDOWS\V0230Mon.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\RALINK\Common\RaUI.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Malwarebytes' Anti-Malware\downloads\HijackThis.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - !!02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UnlockerAssistant] E:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KelsPakSoft] E:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVFX Engine] E:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] E:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [359F5809-00B8-4455-A73A-9EA62A51101B] "E:\Documents and Settings\All Users\Application Data\330B2A9A.exe"
O4 - HKLM\..\Run: [744391432] "E:\Documents and Settings\All Users\Application Data\56834638\744391432.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [9129890cf88bf54cb17aa276c2ca0b87] E:\DOCUME~1\ALLUSE~1\Desktop\DOWNLO~1\BASS_T~1.EXE /r
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - [URL]file://E:\Program[/URL] Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - !!5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - E:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 10017 bytes
However, laptop very slow, desktop baground keeps removing itself (changes to none) and still getting the counterfeiting message.
We presume that someone installed XP professional as we cannot find the disk but reverting to Home Edition removes access to all the programs in the XP professional edition.
He just wants his PC back to how it was - any ideas please?
There is always light within the dark
0
Comments
-
Have you scanned for malware / spyware?
All computers need to do spyware scans aswell as antivirus.
If you type into google: "Spyware scanner". Lavasoft i believe is free. Also search for "search and destroy" (another spyware scanner)...
And just to be safe! Download microsoft's FREE TRIAL of theres.
With spyware - using more then 1 program will pick up most of the different types
(use all 3 just to be sure).....
Did you format the PC when installing XP back on? If not... you could try defragging your PC.... turn all programs off. disconnect from the I-net. Start defragging, this may take an hour or 2.... or even 3!
Just a few thoughts... pc's are funny things
It could be something completly different!
:edit:
Whats your background changing to? Black? blue? red?0 -
Have you scanned for malware / spyware?
All computers need to do spyware scans aswell as antivirus.
If you type into google: "Spyware scanner". Lavasoft i believe is free. Also search for "search and destroy" (another spyware scanner)...
And just to be safe! Download microsoft's FREE TRIAL of theres.
With spyware - using more then 1 program will pick up most of the different types (use all 3 just to be sure).....
Did you format the PC when installing XP back on? If not... you could try defragging your PC.... turn all programs off. disconnect from the I-net. Start defragging, this may take an hour or 2.... or even 3!
Just a few thoughts... pc's are funny things It could be something completly different!
:edit:
Whats your background changing to? Black? blue? red?
Yes, we have Spybot and ran that.
No we did not format the laptop when installing XP - presume that Home Addition it is now on the C drive and Professional on the E drive?
Can we move the programs on the E to C and remove the E drive?
screen changes to black.There is always light within the dark0 -
You need to goto WINDOWS UPDATE and install SERVICE PACK 3 (Security updates)
malwarebytes does check for malware and spyware
But id try SUPERANTI SPYWARE too
http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
UPDATE and scan
Id advise to NOT 'google' for scanners as there are ALL sorts of dodgy programs on the net:idea:0 -
"chose the second one which resulted in all the correct icons appearing but advising that we may be a victim of counterfeiting"
Ahhh
Your computer has a dodgy passkey. Probably cant update to service pack 3 as it is then.
Use Spybots IMMUNISE feature (make sure it reads ZERO), as well as its scanning mode:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354.3K Banking & Borrowing
- 254.4K Reduce Debt & Boost Income
- 455.4K Spending & Discounts
- 247.3K Work, Benefits & Business
- 604K Mortgages, Homes & Bills
- 178.4K Life & Family
- 261.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards