|
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
I downloaded and installed spyware pro which I now know is a rogue site and stolen my money (but I stupidly gave to them). Learnt my lesson, please check my file as I'm sure I will have to uninstall this product asap? Many thanks
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:02:33, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal
|
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Hi ricecakes, Please disable TeaTimer, it can be re-activated once your HijackThis log is clean at the end of this fix.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
Uninstall SpywarePro via the add/remove utility in the control panel if present. Alternatively go to start | All programs and use its own uninstaller if present.
Then in any event open Hijackthis, take another scan and place a checkmark next to these entries.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpywareProMFC] C:\Program Files\SpywarePro\SpywarePro.exe
O4 - HKUS\S-1-5-21-842925246-299502267-725345543-1003\..\Run: [SpywareProMFC] C:\Program Files\SpywarePro\SpywarePro.exe (User '?')
Close all open Windows except Hijackthis and click on "fix Checked".
Open Windows Explorer, Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/ folders:
files... C:\Program Files\SpywarePro\SpywarePro.exe
folders... C:\Program Files\SpywarePro
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode". Reboot the computer for the changes to take effect.
Open Hijackthis, Click Config | Misc Tools | Open Uninstall Manager. A list of the entries in Add/remove programs will appear. Click on Save List... The list will be saved as 'Uninstall_list.txt' Copy & Paste the contents in your next reply.
Post the following:
- A new Hijackthis log
- The Uninstall List.
This may not remove all the infections present. It is important that you post back and complete the fix.
Please post in this thread for further review and evaluation. Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.
Joe.
PS. For the benefit of others how did you come by this rogue?
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
Edited by Joe_London (Fri Mar 28 2008 08:40 PM)
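An added example, not part of the original thread: a small Python triage of HijackThis-format lines that flags the two kinds of entry selected in the post above (orphaned "(no file)" registrations and Run keys launching from the SpywarePro folder), then checks a later log to confirm they are gone. Both sample logs are constructed from the entries quoted in the post plus a few benign lines; the function names and the `ROGUE_DIRS` list are assumptions of this example.

```python
import re

# One HijackThis entry per line: a section code (R0, O2, O4, O23 ...) then " - " then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Install folder named in the removal steps above (assumed list, extend as needed).
ROGUE_DIRS = (r"c:\program files\spywarepro",)

# Constructed sample: the four flagged entries quoted in the post, plus benign filler.
PRE_FIX_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareProMFC] C:\Program Files\SpywarePro\SpywarePro.exe
O4 - HKUS\S-1-5-21-842925246-299502267-725345543-1003\..\Run: [SpywareProMFC] C:\Program Files\SpywarePro\SpywarePro.exe (User '?')
"""

# Constructed sample: the same machine after "Fix checked" removed the four entries.
POST_FIX_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneysavingexpert.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return (section_code, body) for every line that looks like a log entry."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(log_text, rogue_dirs=ROGUE_DIRS):
    """Flag entries worth a reviewer's attention; returns (code, body, reason)."""
    findings = []
    for code, body in parse_entries(log_text):
        lowered = body.lower()
        if lowered.endswith("(no file)"):
            # The registry still registers a component whose file is missing:
            # a leftover, safe to clean but not proof of infection on its own.
            findings.append((code, body, "orphaned"))
        elif code == "O4" and any(d in lowered for d in rogue_dirs):
            # O4 = autostart entry; this one launches from a known rogue folder.
            findings.append((code, body, "rogue-autorun"))
    return findings


def residual(pre_log, post_log, rogue_dirs=ROGUE_DIRS):
    """Entries flagged before the fix that are still present afterwards."""
    still_there = set(parse_entries(post_log))
    return [f for f in triage(pre_log, rogue_dirs) if (f[0], f[1]) in still_there]


if __name__ == "__main__":
    for code, body, reason in triage(PRE_FIX_LOG):
        print(f"{reason:14} {code} - {body}")
    print("left after fix:", residual(PRE_FIX_LOG, POST_FIX_LOG))
```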
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Hi Joe, I'll print this and have a go? I'm not very confident in this field so I may screw up??? But I'll have a go, I came by this site on a google search and just clicked on installed for them to do a scan and paid via paypal and the rest is history!
Ricecakes
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Hi Joe, I'm confident that I did what you said..couldn't find anything in explore so completed the rest..as follows:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:02:08, on 29/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal
Thanks Joe look forward to your reply Ricecakes x
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Hi Ricecakes.
Good job. I want to make sure that file and folder have gone, sometimes they are hidden.
Please go to Start | Run and type Notepad into the slot and click OK to open Notepad.
- Copy and paste the part in bold red text below into notepad.
- Go to the "File" menu at the top left of the window and click save as.
- Set File type to "All files"
- Then save it to your Desktop as direxie.bat
- Return to your desktop and doubleclick direxie.bat to activate the batch file.
In a few seconds Notepad should open showing a list of files and folders. Please copy and paste the text here in your next reply.
cd\
cd C:\Program Files
dir /x > C:\directory.txt
start notepad C:\directory.txt
I recommend a review of your securities. I see the following present:
- Ad-Aware SE Plus
- Spybot - Search & Destroy
Can you tell me what Firewall you are using? Also what Anti-virus do you have?
Do you have anything else by way of security I'm not aware of?
Did you install this yourself and do you know its legitimate?
O24 - Desktop Component 0: (no name) - http://images.moneysavingexpert.com/js/analytics.js
Joe.
|
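An added example, not part of the original thread: a Python check over `dir /x` output (as produced by the batch file above) that reports whether the SpywarePro folder is still present, matching on the long name because the 8.3 short name alone is ambiguous. The listings are constructed samples in the `dir /x` layout; the function names, the DD/MM/YYYY date pattern and the short-name heuristic are assumptions of this example.

```python
import re

# date, time, then "<DIR>" or a byte count, then the name column(s).
ROW_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+(.*)$")

# dir /x prints the 8.3 short name before the long name, but leaves the column
# blank when the long name is already 8.3-compliant. Heuristic (assumed): a
# first token containing "~<digits>" followed by more text is the short name.
SHORT_RE = re.compile(r"^(\S*~\d+(?:\.\S{1,3})?)\s+(\S.*)$")

# Constructed sample of a cleaned machine.
CLEAN_LISTING = r"""
 Directory of C:\Program Files

28/01/2008  16:11    <DIR>                       CCleaner
13/03/2008  17:06    <DIR>          SPYBOT~1     Spybot - Search & Destroy
12/12/2007  22:24    <DIR>          SPYWAR~2     SpywareGuard
21/12/2005  23:51           774,144 RNGINT~1.DLL RngInterstitial.dll
"""

# Constructed sample: the same listing with the rogue folder still on disk.
DIRTY_LISTING = CLEAN_LISTING + (
    r"26/03/2008  16:32    <DIR>          SPYWAR~1     SpywarePro" + "\n"
)


def parse_dir_x(listing):
    """Return (short_name_or_None, long_name) for each file or folder row."""
    rows = []
    for raw in listing.splitlines():
        match = ROW_RE.match(raw.strip())
        if not match:
            continue  # header, summary or blank line
        rest = match.group(1).strip()
        if rest in (".", ".."):
            continue
        short = SHORT_RE.match(rest)
        if short and len(short.group(1)) <= 12:
            rows.append((short.group(1), short.group(2).strip()))
        else:
            rows.append((None, rest))
    return rows


def find_leftovers(listing, target="SpywarePro"):
    """Rows whose long name is the target folder (case-insensitive)."""
    wanted = target.casefold()
    return [row for row in parse_dir_x(listing) if row[1].casefold() == wanted]


def short_name_lookalikes(listing, target="SpywarePro"):
    """Rows sharing the target's 8.3 prefix but belonging to something else.

    Shows why matching on 'SPYWAR~n' alone would misidentify other products.
    """
    prefix = target.replace(" ", "")[:6].upper() + "~"
    wanted = target.casefold()
    return [
        row for row in parse_dir_x(listing)
        if row[0] and row[0].upper().startswith(prefix) and row[1].casefold() != wanted
    ]


if __name__ == "__main__":
    print("clean leftovers:", find_leftovers(CLEAN_LISTING))
    print("dirty leftovers:", find_leftovers(DIRTY_LISTING))
    print("lookalikes:", short_name_lookalikes(CLEAN_LISTING))
```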
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Hi Joe as requested..Anti virus I'm using Virgin broadband PC Guard Total as part of Virgin media package which has anti virus, identity theft, anti spyware, privacy manager & firewall? Moneysavingexpert is a site I use regularly and had this as my homepage? I do a panda virus check every 3 weeks? When I click on windows firewall it says not running & do I want to do a share using thingy me bob?? haha..
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Hi Ricecakes.
All clear I'm pleased to say.
Quote:
When I click on windows firewall it says not running & do I want to do a share using thingy me bob?? haha..
Go to start | Control Panel | Security Center
Your firewall, anti-virus and automatic updates should all show ON. If this is not the case your security is incorrectly set up.
Ideally you need a good third party firewall, an anti-virus and an anti-spyware programme. There are lots of good freeware programmes available. I also recommend installing the following:
Spywareblaster SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
McAfee SiteAdvisor. http://www.siteadvisor.com/
Also see Tony Klein's: So how did I get infected in the first place?
Let me know if you need further help.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Thanks Joe, I will make a donation but it's err 1.43am so tired out, will log on tomorrow and sort out....
genius
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
JOE!! come back to firewall....I need urgent advice..I downloaded spywareblaster fine then avg 7.5 anti virus & I did the updates as it was saying my internal virus protection was out of date??? I did a scan and noticed after a while that it had found a Trojan horse backdoor virus..I panicked then composed myself. I was waiting for it to finish the scan then it switched off and couldn't get computer to show desktop and would not do anything but show my background picture and no desktop icons, panicked again ..I opened up avg to check if virus was in vault and there was nothing in there!!!!!!!!!!! AARrrrhhhh what do I do (typical panicky woman.. lol) help
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Hi, did another check with avg & pc guard & spybot and they all after a short while rebooted - as if they cannot get past something?? Then when eventually gone back on line my desktop had a notice saying it had turned off desktop items as error detected and to turn them back on?
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Do you have a screen saver? You mentioned a picture earlier. You must not run two anti-virus programmes as they will most probably conflict. If you are going to keep AVG then you must dispense with the other one.
I use AVG Anti-virus free myself and I can recommend it. I also use Comodo Firewall at present and also find that very good. Do not use the Windows firewall as it only works one way on XP.
I don't know anything about the security package provided by Virgin as I've never used it. Not seen any reports either. Is it free?
So to recap, let me know about your screen-saver if you have one. If you do, turn it off. Choose your anti-virus and let me know the situation then.
I'm sure we can sort out the problem.
Joe.
PS. Can you confine your posts to this thread please, as it becomes confusing and it's not recommended to take advice from different sources on matters of security.
Stay calm. lol
Edited by Joe_London (Mon Mar 31 2008 11:51 PM)
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Meant to post this image for you earlier but couldn't because the Blueyonder ftp server was down. Don't you just love computers.
This is an image of my own security center. If yours is different let me know.

Click on each one separately and tell me which one is running
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Hi Joe, right I got to try and type this before I go off line again...this is the third attempt!! Only using AVG now, disabled the other, no screen saver and no desktop picture, firewall is PC Guard total (seems to be OK, always prompts me if anything changes?) Desktop recovery restore is still displayed & when I try to restore it says script error & do I want to continue running scripts?
The security centre picture you have below: I can access it but this is what it says: The security centre is currently unavailable because the security centre service has not started or was stopped. Please close this window and restart the computer (or start the security centre service) then open the security centre again?
I have downloaded a trojan horse remover but I know when I start the scan my computer will freeze or reset itself...
Help (my computer keeps me sane)
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Quote:
I have downloaded a trojan horse remover but I know when I start the scan my computer will freeze or reset itself...
Please don't download or run anything for now other than what's recommended here.
Your problem seems to have occurred when you ran AVG Anti-virus. Where did you download it from?
I want you to download and run a programme called Combofix.
You must follow the instructions at this site carefully for it to work properly. When you have the log please post it here and also give us a report on the current situation.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
It's actually not as difficult as it appears.
If you have any questions at all post back before you commence.
Joe.
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Joe, I have uninstalled the trojan remover albeit I did use the scan! I also ran a Panda active scan but that froze me out? But while that was scanning AVG detected the malware/virus and asked what to do with it, so I put it in its vault?? Will wait your reply..The virus is in:
c|documentsandsettings\allusers\startmenu\program\downloadprogram.exetrojanhorsebackdoor.hupigon3.AHGM
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|
Quote:
I have uninstalled the trojan remover albeit I did use the scan! I also ran a Panda active scan but that froze me out? But while that was scanning AVG detected the malware/virus and asked what to do with it, so I put it in its vault?? Will wait your reply..The virus is in:
c|documentsandsettings\allusers\startmenu\program\downloadprogram.exetrojanhorsebackdoor.hupigon3.AHGM
That is a link in All Programs to whatever this infected programme is. If you go to: Start | All Programs you should see the link there if it still exists.
To delete it go to Start | Run. Now copy and paste the following bold text into the slot and then click OK. C:\Documents and Settings\All Users\Start Menu\Programs
Now search for downloadprogram.exetrojanhorsebackdoor.hupigon3.AHGM
This is only a shortcut to the bad file/programme.
Right click on it and then click "Properties" and make a note of its full name and location.
Then delete downloadprogram.exetrojanhorsebackdoor.hupigon3.AHGM
If it's already quarantined in AVG, open AVG and clean out anything quarantined in there.
Then proceed with the instructions in my last post.
Joe.
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Hi Joe, quick reply again whilst I got chance, done what you said re above: virus was in vault so deleted and then emptied recycle bin...later on did a scan again and nothing, then I did a cc clean and avg said found virus again but in system restore..it's been hell trying to stay on-line???? I have printed the combo guide and done what it said and when I put combo onto the recovery thing I get a message saying file application corrupt start a fresh ? something? So it will not go to the preparing to run stage????? I disabled and closed the anti virus and disabled my firewall so I'm not sure what to do now? My clock earlier was half hr behind and things were incredibly slow, pages to minimise were opening like a flower in bloom in very slow motion? omg I'm going stir crazy. ricecakes
|
ricecakes
regular
Reg'd: Wed
Posts: 33
|
|
Actually Joe I have just checked in the vault again and it says:
c:\system volume information\restore{E82296EE-6E53-4FB1-971D-E4FDDA22A900}\RP683\A0117437.exe moved object infected
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10701
Loc: London
|
|