Jump to content

RifRaf

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by RifRaf

  1. Hi Jean thanks again for your swift reply. I've completed all the steps you suggested and have installed a couple of the programs you provided in your last reply. The machine now looks good and is a million times quicker than when I first offered to help out my friend. I'll give him his machine back tomorrow and advise him on some safer surfing techniques Once again thanks for all your help and keep up the good work.
  2. Thanks for the reply Jean. I have followed your instructions and here are the latest logs: Malwarebytes' Anti-Malware 1.24 Database version: 1031 Windows 5.1.2600 Service Pack 2 19:02:45 07/08/2008 mbam-log-8-7-2008 (19-02-45).txt Scan type: Quick Scan Objects scanned: 43937 Time elapsed: 7 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:04:23, on 07/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\apps\ABoard\ABoard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1130227887\ee\AOLSoftware.exe C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Kontiki\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\AOL Companion\companion.exe c:\program files\common files\aol\1130227887\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1130227887\ee\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\AVG\AVG8\avgcmgr.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130227887\ee\AOLSoftware.exe O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9109 bytes CWShredder no longer reports issues with CWS.Svchost32. IS there anything elese I should be aware of ? The only other thing is the hosts file in C:\Windows\System32\Drivers\etc has a load of entries which start #6.180.173.39 instead of 66.180.173.39 as they did earlier and a load more 127.0.0.1. Are these all added by SpyBot S&D ? Thanks again for all your help so far.
  3. Hi JeanInMontana I read the instructions after I posted, apologies. I did set the scans running but they took so long, here are the results: Malwarebytes' Anti-Malware 1.24 Database version: 1020 Windows 5.1.2600 Service Pack 2 17:31:09 04/08/2008 mbam-log-8-4-2008 (17-31-09).txt Scan type: Full Scan (C:\|) Objects scanned: 65109 Time elapsed: 42 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-08-04 06:23:43 PROTECTIONS: 1 MALWARE: 12 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.3806.0 No Yes ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00003992 spyware/adclicker Spyware No 1 Yes No hkey_classes_root\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07} 00035872 adware/popuper Adware No 0 Yes No c:\documents and settings\all users\favorites\online antivirus and spyware remover.url 00035872 adware/popuper Adware No 0 Yes No c:\documents and settings\all users\favorites\online directory of pure porn.url 00046160 adware/searchexe Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page 00046160 adware/searchexe Adware No 0 Yes No HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Search\SearchAssistant 00112450 adware/easysearch Adware No 0 Yes No c:\recycler\index.html 00112450 adware/easysearch Adware No 0 Yes No c:\recycler\easysearch_google.jpg 00165355 adware/nowfind Adware No 0 Yes No c:\windows\system32\icnfe.dll 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Richard Sadler\Cookies\richard_sadler@com[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Richard Sadler\Cookies\richard_sadler@xiti[1].txt 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Richard Sadler\Cookies\richard_sadler@toplist[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Richard Sadler\Cookies\richard_sadler@ad.yieldmanager[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Richard Sadler\Cookies\richard_sadler@adtech[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Richard Sadler\Cookies\richard_sadler@statse.webtrendslive[2].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location į ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description į ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:38:14, on 04/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\apps\ABoard\ABoard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\apps\ABoard\AOSD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Kontiki\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\AOL\1130227887\ee\aolsoftware.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\AOL Companion\companion.exe c:\program files\common files\aol\1130227887\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1130227887\ee\aolsoftware.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080 O1 - Hosts: 66.180.173.39 google.ae O1 - Hosts: 66.180.173.39 google.am O1 - Hosts: 66.180.173.39 google.as O1 - Hosts: 66.180.173.39 google.az O1 - Hosts: 66.180.173.39 google.bi O1 - Hosts: 66.180.173.39 google.cd O1 - Hosts: 66.180.173.39 google.cg O1 - Hosts: 66.180.173.39 google.ci O1 - Hosts: 66.180.173.39 google.cl O1 - Hosts: 66.180.173.39 google.co.cr O1 - Hosts: 66.180.173.39 google.co.hu O1 - Hosts: 66.180.173.39 google.co.in O1 - Hosts: 66.180.173.39 google.co.je O1 - Hosts: 66.180.173.39 google.co.jp O1 - Hosts: 66.180.173.39 google.co.ke O1 - Hosts: 66.180.173.39 google.co.ls O1 - Hosts: 66.180.173.39 google.co.th O1 - Hosts: 66.180.173.39 google.co.ug O1 - Hosts: 66.180.173.39 google.co.uk O1 - Hosts: 66.180.173.39 google.co.ve O1 - Hosts: 66.180.173.39 google.dj O1 - Hosts: 66.180.173.39 google.es O1 - Hosts: 66.180.173.39 google.fm O1 - Hosts: 66.180.173.39 google.gg O1 - Hosts: 66.180.173.39 google.gl O1 - Hosts: 66.180.173.39 google.gm O1 - Hosts: 66.180.173.39 google.hn O1 - Hosts: 66.180.173.39 google.kz O1 - Hosts: 66.180.173.39 google.li O1 - Hosts: 66.180.173.39 google.lt O1 - Hosts: 66.180.173.39 google.lu O1 - Hosts: 66.180.173.39 google.lv O1 - Hosts: 66.180.173.39 google.mn O1 - Hosts: 66.180.173.39 google.ms O1 - Hosts: 66.180.173.39 google.mu O1 - Hosts: 66.180.173.39 google.mw O1 - Hosts: 66.180.173.39 google.no O1 - Hosts: 66.180.173.39 google.off.ai O1 - Hosts: 66.180.173.39 google.pn O1 - Hosts: 66.180.173.39 google.pt O1 - Hosts: 66.180.173.39 google.ro O1 - Hosts: 66.180.173.39 google.ru O1 - Hosts: 66.180.173.39 google.rw O1 - Hosts: 66.180.173.39 google.se O1 - Hosts: 66.180.173.39 google.sh O1 - Hosts: 66.180.173.39 google.sk O1 - Hosts: 66.180.173.39 google.sm O1 - Hosts: 66.180.173.39 google.td O1 - Hosts: 66.180.173.39 google.tm O1 - Hosts: 66.180.173.39 google.tt O1 - Hosts: 66.180.173.39 google.uz O1 - Hosts: 66.180.173.39 google.vg O1 - Hosts: 66.180.173.39 google.ae O1 - Hosts: 66.180.173.39 google.am O1 - Hosts: 66.180.173.39 google.as O1 - Hosts: 66.180.173.39 google.az O1 - Hosts: 66.180.173.39 google.bi O1 - Hosts: 66.180.173.39 google.cd O1 - Hosts: 66.180.173.39 google.cg O1 - Hosts: 66.180.173.39 google.ci O1 - Hosts: 66.180.173.39 google.cl O1 - Hosts: 66.180.173.39 google.co.cr O1 - Hosts: 66.180.173.39 google.co.hu O1 - Hosts: 66.180.173.39 google.co.in O1 - Hosts: 66.180.173.39 google.co.je O1 - Hosts: 66.180.173.39 google.co.jp O1 - Hosts: 66.180.173.39 google.co.ke O1 - Hosts: 66.180.173.39 google.co.ls O1 - Hosts: 66.180.173.39 google.co.th O1 - Hosts: 66.180.173.39 google.co.ug O1 - Hosts: 66.180.173.39 google.co.uk O1 - Hosts: 66.180.173.39 google.co.ve O1 - Hosts: 66.180.173.39 google.dj O1 - Hosts: 66.180.173.39 google.es O1 - Hosts: 66.180.173.39 google.fm O1 - Hosts: 66.180.173.39 google.gg O1 - Hosts: 66.180.173.39 google.gl O1 - Hosts: 66.180.173.39 google.gm O1 - Hosts: 66.180.173.39 google.hn O1 - Hosts: 66.180.173.39 google.kz O1 - Hosts: 66.180.173.39 google.li O1 - Hosts: 66.180.173.39 google.lt O1 - Hosts: 66.180.173.39 google.lu O1 - Hosts: 66.180.173.39 google.lv O1 - Hosts: 66.180.173.39 google.mn O1 - Hosts: 66.180.173.39 google.ms O1 - Hosts: 66.180.173.39 google.mu O1 - Hosts: 66.180.173.39 google.mw O1 - Hosts: 66.180.173.39 google.no O1 - Hosts: 66.180.173.39 google.off.ai O1 - Hosts: 66.180.173.39 google.pn O1 - Hosts: 66.180.173.39 google.pt O1 - Hosts: 66.180.173.39 google.ro O1 - Hosts: 66.180.173.39 google.ru O1 - Hosts: 66.180.173.39 google.rw O1 - Hosts: 66.180.173.39 google.se O1 - Hosts: 66.180.173.39 google.sh O1 - Hosts: 66.180.173.39 google.sk O1 - Hosts: 66.180.173.39 google.sm O1 - Hosts: 66.180.173.39 google.td O1 - Hosts: 66.180.173.39 google.tm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {602DD5BD-6413-46D9-B655-937776DFEA19} - C:\WINDOWS\system32\ljJYRHBT.dll (file missing) O2 - BHO: (no name) - {6BAF4B9A-3399-4233-A380-109DFD48E690} - C:\WINDOWS\system32\andcea.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: (no name) - {D8A7FBC6-AE1D-4743-9E70-21902FB19B6D} - C:\WINDOWS\system32\ljJAPIax.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130227887\ee\AOLSoftware.exe O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljJAPIax - ljJAPIax.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O24 - Desktop Component 0: (no name) - http://www.focusstoc.com/forums/uploads/11..._2_2_117383.jpg O24 - Desktop Component 1: (no name) - http://www.wolves.premiumtv.co.uk/content/...R64/367353.JPEG -- End of file - 13753 bytes Hope all this makes sense. If my friend had told me how bad his machine was before I offered to help think I may have thought twice. Thanks Jay
  4. Hi all New here and having a couple of issues. Started with pop-ups and pc became very slow. Couldn't get windows updates or any antispyware software to install. Slowly but surely I have started cleaing things up and CWShredder reports that it has found CWS.Svchost32 but I can't seem to get rid of it. I have tried SpyBot S&D, Lavasoft Adaware, SuperAntiSpyware, Trojan Hunter, Windows Defender and everything they listed has been removed but HJT log still shows the following: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:21:45, on 03/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\SOUNDMAN.EXE C:\apps\ABoard\ABoard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\apps\ABoard\AOSD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1130227887\ee\AOLSoftware.exe C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Kontiki\KHost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe c:\program files\common files\aol\1130227887\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe c:\program files\common files\aol\1130227887\ee\aolsoftware.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\AOL Companion\companion.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080 O1 - Hosts: 66.180.173.39 google.ae O1 - Hosts: 66.180.173.39 google.am O1 - Hosts: 66.180.173.39 google.as O1 - Hosts: 66.180.173.39 google.az O1 - Hosts: 66.180.173.39 google.bi O1 - Hosts: 66.180.173.39 google.cd O1 - Hosts: 66.180.173.39 google.cg O1 - Hosts: 66.180.173.39 google.ci O1 - Hosts: 66.180.173.39 google.cl O1 - Hosts: 66.180.173.39 google.co.cr O1 - Hosts: 66.180.173.39 google.co.hu O1 - Hosts: 66.180.173.39 google.co.in O1 - Hosts: 66.180.173.39 google.co.je O1 - Hosts: 66.180.173.39 google.co.jp O1 - Hosts: 66.180.173.39 google.co.ke O1 - Hosts: 66.180.173.39 google.co.ls O1 - Hosts: 66.180.173.39 google.co.th O1 - Hosts: 66.180.173.39 google.co.ug O1 - Hosts: 66.180.173.39 google.co.uk O1 - Hosts: 66.180.173.39 google.co.ve O1 - Hosts: 66.180.173.39 google.dj O1 - Hosts: 66.180.173.39 google.es O1 - Hosts: 66.180.173.39 google.fm O1 - Hosts: 66.180.173.39 google.gg O1 - Hosts: 66.180.173.39 google.gl O1 - Hosts: 66.180.173.39 google.gm O1 - Hosts: 66.180.173.39 google.hn O1 - Hosts: 66.180.173.39 google.kz O1 - Hosts: 66.180.173.39 google.li O1 - Hosts: 66.180.173.39 google.lt O1 - Hosts: 66.180.173.39 google.lu O1 - Hosts: 66.180.173.39 google.lv O1 - Hosts: 66.180.173.39 google.mn O1 - Hosts: 66.180.173.39 google.ms O1 - Hosts: 66.180.173.39 google.mu O1 - Hosts: 66.180.173.39 google.mw O1 - Hosts: 66.180.173.39 google.no O1 - Hosts: 66.180.173.39 google.off.ai O1 - Hosts: 66.180.173.39 google.pn O1 - Hosts: 66.180.173.39 google.pt O1 - Hosts: 66.180.173.39 google.ro O1 - Hosts: 66.180.173.39 google.ru O1 - Hosts: 66.180.173.39 google.rw O1 - Hosts: 66.180.173.39 google.se O1 - Hosts: 66.180.173.39 google.sh O1 - Hosts: 66.180.173.39 google.sk O1 - Hosts: 66.180.173.39 google.sm O1 - Hosts: 66.180.173.39 google.td O1 - Hosts: 66.180.173.39 google.tm O1 - Hosts: 66.180.173.39 google.tt O1 - Hosts: 66.180.173.39 google.uz O1 - Hosts: 66.180.173.39 google.vg O1 - Hosts: 66.180.173.39 google.ae O1 - Hosts: 66.180.173.39 google.am O1 - Hosts: 66.180.173.39 google.as O1 - Hosts: 66.180.173.39 google.az O1 - Hosts: 66.180.173.39 google.bi O1 - Hosts: 66.180.173.39 google.cd O1 - Hosts: 66.180.173.39 google.cg O1 - Hosts: 66.180.173.39 google.ci O1 - Hosts: 66.180.173.39 google.cl O1 - Hosts: 66.180.173.39 google.co.cr O1 - Hosts: 66.180.173.39 google.co.hu O1 - Hosts: 66.180.173.39 google.co.in O1 - Hosts: 66.180.173.39 google.co.je O1 - Hosts: 66.180.173.39 google.co.jp O1 - Hosts: 66.180.173.39 google.co.ke O1 - Hosts: 66.180.173.39 google.co.ls O1 - Hosts: 66.180.173.39 google.co.th O1 - Hosts: 66.180.173.39 google.co.ug O1 - Hosts: 66.180.173.39 google.co.uk O1 - Hosts: 66.180.173.39 google.co.ve O1 - Hosts: 66.180.173.39 google.dj O1 - Hosts: 66.180.173.39 google.es O1 - Hosts: 66.180.173.39 google.fm O1 - Hosts: 66.180.173.39 google.gg O1 - Hosts: 66.180.173.39 google.gl O1 - Hosts: 66.180.173.39 google.gm O1 - Hosts: 66.180.173.39 google.hn O1 - Hosts: 66.180.173.39 google.kz O1 - Hosts: 66.180.173.39 google.li O1 - Hosts: 66.180.173.39 google.lt O1 - Hosts: 66.180.173.39 google.lu O1 - Hosts: 66.180.173.39 google.lv O1 - Hosts: 66.180.173.39 google.mn O1 - Hosts: 66.180.173.39 google.ms O1 - Hosts: 66.180.173.39 google.mu O1 - Hosts: 66.180.173.39 google.mw O1 - Hosts: 66.180.173.39 google.no O1 - Hosts: 66.180.173.39 google.off.ai O1 - Hosts: 66.180.173.39 google.pn O1 - Hosts: 66.180.173.39 google.pt O1 - Hosts: 66.180.173.39 google.ro O1 - Hosts: 66.180.173.39 google.ru O1 - Hosts: 66.180.173.39 google.rw O1 - Hosts: 66.180.173.39 google.se O1 - Hosts: 66.180.173.39 google.sh O1 - Hosts: 66.180.173.39 google.sk O1 - Hosts: 66.180.173.39 google.sm O1 - Hosts: 66.180.173.39 google.td O1 - Hosts: 66.180.173.39 google.tm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {602DD5BD-6413-46D9-B655-937776DFEA19} - C:\WINDOWS\system32\ljJYRHBT.dll (file missing) O2 - BHO: (no name) - {6BAF4B9A-3399-4233-A380-109DFD48E690} - C:\WINDOWS\system32\andcea.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: (no name) - {D8A7FBC6-AE1D-4743-9E70-21902FB19B6D} - C:\WINDOWS\system32\ljJAPIax.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130227887\ee\AOLSoftware.exe O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ljJAPIax - ljJAPIax.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O24 - Desktop Component 0: (no name) - http://www.focusstoc.com/forums/uploads/11..._2_2_117383.jpg O24 - Desktop Component 1: (no name) - http://www.wolves.premiumtv.co.uk/content/...R64/367353.JPEG -- End of file - 13503 bytes I'm no expert by any stretch of the imagination but I know that doesn't look right. Many thanks in advance for any replies.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.