Red warning triangle on desktop

Help. I have a large red rectangle on my desktop which says I have adware on my PC and to activate my antivirus. I have used all the progs like Search and Destroy etc. Now I have used HijackThis and enclosed the results. Any help would be appreciated. Thank you.
Re: Red warning triangle on desktop

Reboot your computer. Your log shows Spybot needs to run at Start up in order to remove infections. Then go back up HERE and download, install, update and run Malwarebytes' Anti-Malware program. Please allow it to fix everything found. REBOOT the computer again and run a NEW HJT scan and post both the Malwarebytes log and the new HJT log.
Re: Red warning triangle on desktop

Hi, I have done all the things you recommended and it seems to have got rid of everything. Thanks again for your help.
Re: Red warning triangle on desktop

If you are sure all is fine, that's great. If you would like me to check the logs again to be sure, I will be very happy to do so.

Judy
©2003 - 2009 DaniWeb® LLC