We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
spyware help!
mutley74
Posts: 4,033 Forumite
in Techie Stuff
Okay i have followed all the steps listed in the thread started by Browntoa steps 1-4.
problem: when i start interent it does not let me homepage load (bbc news) and does not let me use google. instead tries to bring up a page for adverts and xxxx rated sites adverts.
None of the programmes found anything wrong with my pc except pandascan. Here is the file saved by that:
===========
Adware:adware/sbsoft Not disinfected c:\windows\rdt.ini
Virus:trj/conhook.a Disinfected Operating system
==================
when i ran panda activescan again only the adware still came up. i have since disabled system restore as suggested by panda website.
problem: when i start interent it does not let me homepage load (bbc news) and does not let me use google. instead tries to bring up a page for adverts and xxxx rated sites adverts.
None of the programmes found anything wrong with my pc except pandascan. Here is the file saved by that:
===========
Adware:adware/sbsoft Not disinfected c:\windows\rdt.ini
Virus:trj/conhook.a Disinfected Operating system
==================
when i ran panda activescan again only the adware still came up. i have since disabled system restore as suggested by panda website.
0
Comments
-
i have tried running hijack this and this is the log programme:
BTW nothing came up identified with ewido.
Logfile of HijackThis v1.99.1
Scan saved at 14:22:48, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - !!5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - !!9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - !!47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NSYSCPLSTR] init32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: !!1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: !!215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: !!2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: !!2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: !!4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stepupnow.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: !!644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161376648875
O16 - DPF: !!8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://ukportal.amec.com/InternalSite/WhlCompMgr.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!6D79666B-C83D-4A62-ACE3-7A60A7824030}: NameServer = 85.255.113.195 85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{A01BE351-D4D9-4A55-A79A-C509CFE57204}: NameServer = 85.255.113.195,85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6AFBFA-76B1-449D-B108-6AD5B1D30E90}: NameServer = 85.255.113.195,85.255.112.223
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe0 -
this needs fixing
O4 - HKCU\..\Run: [NSYSCPLSTR] init32.exe
unless you know what this is, remove it
O16 - DPF: !!8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://ukportal.amec.com/InternalSite/WhlCompMgr.cab
these
O17 - HKLM\System\CCS\Services\Tcpip\..\!!6D79666B-C83D-4A62-ACE3-7A60A7824030}: NameServer = 85.255.113.195 85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{A01BE351-D4D9-4A55-A79A-C509CFE57204}: NameServer = 85.255.113.195,85.255.112.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6AFBFA-76B1-449D-B108-6AD5B1D30E90}: NameServer = 85.255.113.195,85.255.112.223
you need to locate this and delete it
O4 - HKCU\..\Run: [NSYSCPLSTR] init32.exeEx forum ambassador
Long term forum member0 -
cool quick reply..thanks
the 016 whale components - thats needed for remote access to my company network.
the others - i dont know what they are.
how do i remove them? Shall i rerun the Hijack this and check them off for deletion or do you recommend another route?
thanks again0 -
oh i do i fix this that you suggested
O4 - HKCU\..\Run: [NSYSCPLSTR] init32.exe
?0 -
yes tick those I mentioned including init32.exe
then fix
then reboot, rescan with Hijackthis and see if that init32 has re-appearedEx forum ambassador
Long term forum member0 -
okay did as you suggest. problem still there on reboot i.e. home page hijacked by some advert for xxxx rated sites.
here is a print off from hijack this done after the removals if it helps:
===================================
Logfile of HijackThis v1.99.1
Scan saved at 15:34:35, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.bbc.co.uk/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - !!5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-
5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: ST - !!9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910}
- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-
gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - !!47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1
\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1
\TRAYAP~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT
Broadband.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-
Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update
Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03
\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\SMARTB~1
\BTHelpNotifier.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event
Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1
\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program
Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL
Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL
Modem\dslagent.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT
Broadband Help\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1
\J2GTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program
Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F}
- C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-
5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %
windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7
-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: !!193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: !!1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: !!215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan
Agent 6.6) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti
vex/hcImpl.cab
O16 - DPF: !!2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: !!4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://stepupnow.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: !!644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb
_site.cab?1161376648875
O16 - DPF: !!8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) -
https://ukportal.amec.com/InternalSite/WhlCompMgr.cab
O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!6D79666B-C83D-4A62-ACE3-
7A60A7824030}: NameServer = 85.255.113.195 85.255.112.223
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1
\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} -
C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation -
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
thanks in desperation now arghhhhh0 -
I find that Spybot Search and Destroy is a useful piece of Software; http://www.safer-networking.org/en/index.html
Update and then run a scan. You can use the tools included to lock IE against Browser Hijacking, view your running processes, check and disable start up items... Try it. It's free. If it helps, make a small donation.0 -
I take it you did run all the stuff in the spyware thread in safe mode ??
this item is still in the log
O17 - HKLM\System\CCS\Services\Tcpip\..\!!6D79666B-C83D-4A62-ACE3-
7A60A7824030}: NameServer = 85.255.113.195 85.255.112.223Ex forum ambassador
Long term forum member0 -
thanks for reply. yes i have run all the spyware checks as per your 4 step guide in safe mode.
Also tried spybot search and destroy - did not detect anything.
not near pc right now but will try to remove the suspect you suggest. will report back later tommorow.
many thanks0 -
Don't forget to utilise the Tools within SpyBot. Go to 'Tools' and check out Browser Pages', Start Up Items, BHOs and Host File. There's a Help button on each page.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.9K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards