0

Hi All,
am really needing help as having big probs. I cannot access secure sites, I had been onto my IP which is AOL and they suggested a few things, which I tried, like checking security settings and parental controls, etc, but that did not help. Then the aol guy said my internet explorer could be corrupt so i tried un-installing that but when i click on windows components, to un-install it, it says 0mb like there is nothing there but i still have an internet explorer! Tried running no-adware which turned up spy search but then realised that i couldn't get rid of it unless i pais for the full version. Tried running windows defender but i couldn't get that to update, even though I followed the ms troubleshooting guide. have avast virus checker running at min which has been going since last night, but has turned up nothing. Am really losing the will here and would love someone to help. My basic prob started with not being able to connect to secure sites. I cannot even get onto messenger either now so i am assuming it is all related, i hope someone can help.:sad:

4
Contributors
6
Replies
7
Views
11 Years
Discussion Span
Last Post by EAMON
0

Hi All,
am really needing help as having big probs. I cannot access secure sites, I had been onto my IP which is AOL and they suggested a few things, which I tried, like checking security settings and parental controls, etc, but that did not help. Then the aol guy said my internet explorer could be corrupt so i tried un-installing that but when i click on windows components, to un-install it, it says 0mb like there is nothing there but i still have an internet explorer! Tried running no-adware which turned up spy search but then realised that i couldn't get rid of it unless i pais for the full version. Tried running windows defender but i couldn't get that to update, even though I followed the ms troubleshooting guide. have avast virus checker running at min which has been going since last night, but has turned up nothing. Am really losing the will here and would love someone to help. My basic prob started with not being able to connect to secure sites. I cannot even get onto messenger either now so i am assuming it is all related, i hope someone can help.:sad:

Forgot to say before, my pc has slowed to a crawl, am assuming there is lots of spyware happening, spy dr turned up 113 items so i need to get rid but obviously can't without having the full version, what a con! anyway, have ran ccleaner to get rid of some rubbish in my temp files but still waiting for my knight in shining armour! ha ha

0

have done a hijack this scan so hopefully someone can have a look and tell me what they think? Thanks:)


Logfile of HijackThis v1.99.1
Scan saved at 12:44:16, on 07/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Common Files\AOL\1152789444\ee\AOLHostManager.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Common Files\AOL\1152789444\ee\AOLServiceHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\common files\aol\1152789444\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1152789444\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152789444\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bankofscotlandhalifax.co.uk
O15 - Trusted Zone: *.passport.com
O15 - Trusted Zone: *.passport.net
O15 - Trusted Zone: *.windowsonecare.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/157b0b2e567ef5059219/netzip/RdxIE601.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF60065-27C3-4CA8-97E1-49F5C339622E}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

0

Can you use other browsers with AOL service, like FireFox? And see if you can access the secure sites:

Were you accessing a “Trusted Site” or “Restricted Site”?

Or does AOL offers a “Secure Sites” option on their IE browser?

From your description, of not being able to update to spyware files, it seem like you were infected by a virus, one that most likely targeted, deleted or modified critical registry keys. It may have started if you accepted a certificate when accessing a secure site, or may have bypassed you spyware applications.

You have a boat-load of applications that are resident with open ports. Any one cold have been the conduit for a rouge virus that entered your system, did the damage, and deleted itself.

I have re-installed Windows XP for my nephews’ computer several times with corrupted registry and applications.

They used AOL then. Now they converted to a direct DSL provider, I have installed NOD32 antivirus and Acronis Malware configured to alert the user before any registry modifications is called upon, and the users must accept or deny the change. A great line of defense that has proven to be the best combination so far.

If you do not have a backup/snapshot of your system, prior to the problems, it may be very difficult to determine what was altered.

I personally make a daily mirror image of my system with Acronis True Image; I have also looked at all my resident system & program and only have the ones I really need; to prevent having open ports that can potentially be exploited.

0

hey dude first put of the avast virus checker and i tell u its the woerst of all antivirus it jsut deleted my administrator without permisson and try formatting ur pc i mean all drives and try to instal XP AGAIN

Hi All,
am really needing help as having big probs. I cannot access secure sites, I had been onto my IP which is AOL and they suggested a few things, which I tried, like checking security settings and parental controls, etc, but that did not help. Then the aol guy said my internet explorer could be corrupt so i tried un-installing that but when i click on windows components, to un-install it, it says 0mb like there is nothing there but i still have an internet explorer! Tried running no-adware which turned up spy search but then realised that i couldn't get rid of it unless i pais for the full version. Tried running windows defender but i couldn't get that to update, even though I followed the ms troubleshooting guide. have avast virus checker running at min which has been going since last night, but has turned up nothing. Am really losing the will here and would love someone to help. My basic prob started with not being able to connect to secure sites. I cannot even get onto messenger either now so i am assuming it is all related, i hope someone can help.:sad:

0

Thanks for that, would it help if i were to post a HJT logfile?

0

Thanks for that, would it help if i were to post a HJT logfile?

Hi Rebscott, it may be that AOL connectivity is your problem. I was with AOL until recently and was having the same problem, except I used internet explorer as as my browser. I kept getting a warning icon in my task bar informing me I have limited or no connectivety. AOL told me to download their 'SP2 Connectivity Patch' to resolve this problem. After downloading it I still had connection problems wether I used IE, MSN or even AOL's browser. The connectivity warning icon did stop showing in my taskbar. So I checked my LAN connection via the control panel and found that the SP2 connectivity patch did not resolve the problem, but hid it by removing the ticks out of the boxes that tell you your connection is faulty. Next time you manage to get online with AOL you can check your connection speed, in the blue AOL window that opens up when you 1st get connected, go to the far right of the menu bar, click 'help' then in the drop down menu that opens click the bottom option 'About AOL', a window will open but this window is irrelevant as speed is concerned. But when this window is open, press the 'control' and then the 'y' keys. Your connection speed will then appear as 6 or 7 digits. I was paying for 2Mbps but found I was only getting speeds of 2 to 3 Kbps. I think AOL have overloaded their servers and multiplex systems by taking on anyone immediatly who is ready to subscribe without having the equipment to cope with demand due to their latest advertising campaign and the fact AOL is pre-installed on a majority of new OEM machines. Where-as Talk Talk for example although wanting your custom will make their new customers wait a few months until their sytem can cope with demand. AOL just seem to want to sign up anyone who applies, and once the 10 day cooling off period ends you are stuck with them for a year if using broadband. My advice would be try another ISP if you can, as since I left them my connectivity is faultless. Try not to use AOL software except to log on with as it is totally incompatible with Microsoft. One final suggestion, try using Ad-Aware and Spybot for spyware, both free and easy to use. Hope this helps,
Eamonn.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.