0

hi, i did as follows in another post, please can u help me with this. thanks


Logfile of HijackThis v1.99.1
Scan saved at 14:59:14, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
c:\program files\common
files\aol\1149184109\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Common Files\AOL\1149184109\ee\aolsoftware.exe
c:\program files\common files\aol\1149184109\ee\aolsoftware.exe
C:\Documents and Settings\Kristy\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tiny.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.co
m/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS
8ol96sK2OG3BgybOui0m33ofM1ogYKpGYepUk3Vv5MbqpKmhoGN0VcFvUZwo7K4yGhoCnyFFPP3ML
nUKVIMfXOEJiUb2ZgjG8NDuab2Mt2Nqs3sC3phaeU4chR4A86QxciClGMsu44Q2tX2cjb08XwU0N0
EYo7scOxotz4BDndHsIK26D8bWN6bL283iW6RD5XcG5Bc9WQRsbH9pRj2xpkle1mKc4fhtI=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page =
C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {3030FDA4-6634-639C-6483-3B46E4E8D7BE} - (no
file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {D143A27C-65EC-3013-B189-6B53958438B3} - (no
file)
R3 - URLSearchHook: (no name) - {E907CB82-0149-50B9-48E0-58C0DC2004EB} - (no
file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} -
C:\WINDOWS\system32\urqronm.dll (file missing)
O2 - BHO: (no name) - {38826B09-1030-2347-010F-07EE65447E10} -
C:\WINDOWS\system32\nugjixh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9A40690D-4C02-45A8-BBDF-368DFF4EE150} -
C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\MSN
Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} -
C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} -
C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus
Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus
Photo RX420 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [xfadswj.dll] C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\xfadswj.dll,kytrldb
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate
Cleaner\App.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1149184109\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common
Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [Ultm] "C:\WINDOWS\system32\SSEMBL~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Nqnzqv] C:\DOCUME~1\Kristy\APPLIC~1\PPPATC~1\NPDB~1.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download
Manager\fdm.exe -autorun
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm070YYGB
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program
Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF}
- C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O9 - Extra 'Tools' menuitem: Morpheus Toolbar -
{119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus
Toolbar\morpheustoolbar.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -
C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL
Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F}
- C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth
Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-
30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsct
l.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) -
http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/OpiS
tat_preinstaller_activex_en_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb
_site.cab?1142359150609
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -
https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.
cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) -
http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) -
http://esupport.aolsvc.aol.co.uk/uk/engine/aolcinst_uk_uk.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8222FEB4-9902-46A3-B0B2-524ABF83FEFB}:
NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} -
C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: 49.dll c:\windows\system32\mmc.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\enj8l11u1.dll (file
missing)
O20 - Winlogon Notify: urqronm - urqronm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation -
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks
Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) -
Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f
"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd
- C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) -
Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file
missing)

2
Contributors
1
Reply
2
Views
11 Years
Discussion Span
Last Post by Colin Mac
0

Take a look here and note that Morpheus is listed as an infected P2P program. There are clean alternatives.
http://p2p.malwareremoval.com/index.html

Only one active antivirus should be installed so choose one and uninstall the others.

Download CCleaner
http://www.ccleaner.com/

Start CCleaner.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours".
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
After CCleaner has completed, click Exit


Download AVG Anti-Spyware http://www.ewido.net/en/download/
· Install and run
· Click Scanner
· select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· UnSelect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: Drive
Reboot
Post that log and a new HiJack log but first

Rescan with Hijackthis and place a check beside the following if stiil present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://as.starware.com/dp/search?x=w...ubcDXggyks41LS
8ol96sK2OG3BgybOui0m33ofM1ogYKpGYepUk3Vv5MbqpKmhoGN0VcFvUZwo7K4yGhoCnyFFPP3ML
nUKVIMfXOEJiUb2ZgjG8NDuab2Mt2Nqs3sC3phaeU4chR4A86QxciClGMsu44Q2tX2cjb08XwU0N0
EYo7scOxotz4BDndHsIK26D8bWN6bL283iW6RD5XcG5Bc9WQRsbH9pRj2xpkle1mKc4fhtI=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {3030FDA4-6634-639C-6483-3B46E4E8D7BE} - (no
file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {D143A27C-65EC-3013-B189-6B53958438B3} - (no
file)
R3 - URLSearchHook: (no name) - {E907CB82-0149-50B9-48E0-58C0DC2004EB} - (no
file)
BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} -
C:\WINDOWS\system32\urqronm.dll (file missing)
O2 - BHO: (no name) - {38826B09-1030-2347-010F-07EE65447E10} -
C:\WINDOWS\system32\nugjixh.dll (file missing)
O2 - BHO: (no name) - {9A40690D-4C02-45A8-BBDF-368DFF4EE150} -
C:\WINDOWS\system32\jkhhi.dll (file missing)
O4 - HKLM\..\Run: [xfadswj.dll] C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\xfadswj.dll,kytrldb
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate
Cleaner\App.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbar...p=ZJxdm070YYGB
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) -
http://a14.g.akamai.net/f/14/7141/1d...tmeter4_6/OpiS
tat_preinstaller_activex_en_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)

Make sure all other windows are closed and click Fix checked

Search for and delete the following files and folders if present

C:\Program Files\Ultimate Cleaner
.protected <---find via Start-Search

Paste the AVG report and a new Hijackthis log

.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.