Intervalhehehe virus


LisaH

Hello, I'm new here and not too sure what I am doing, so let me know if I am doing something wrong.

I had WinRAR and it seems to have given me this virus/spyware. I have removed this using Spybot, but I still have the problem that when I go to Google or other sites it comes up with a Microsoft Security page etc.

I have read the sticky and am in the process of running the scans etc.

This is the log from Malwarebytes - I am running the Panda one just now and will post that once it is finished.

Thanks for everyone's help! :huh:

Malwarebytes' Anti-Malware 1.30

Database version: 1430

Windows 5.1.2600 Service Pack 3

29/11/2008 11:13:21

mbam-log-2008-11-29 (11-13-21).txt

Scan type: Quick Scan

Objects scanned: 73369

Time elapsed: 18 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

From the Panda scan

;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-11-29 18:48:35

PROTECTIONS: 1

MALWARE: 38

SUSPECTS: 1

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

AVG Anti-Virus Free 8.0 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00041904 adware/sidesearch Adware No 0 Yes No c:\program files\lycos

00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker.1

00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}

00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}

00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@atdmt[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@247realmedia[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@tribalfusion[2].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@anm.co[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@yadro[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@xiti[1].txt

00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@club.cdfreaks[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@bs.serving-sys[1].txt

00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@888[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@www.burstbeacon[2].txt

00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@cdfreaks[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@adtech[2].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@advertising[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@questionmarket[1].txt

00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@int.sitestat[2].txt

00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@int.sitestat[3].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@bravenet[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@adultfriendfinder[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@go[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@atwola[2].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@www6.addfreestats[1].txt

00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@www1.addfreestats[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa Hague\Cookies\lisa_hague@ads.addynamix[1].txt

01203898 Adware/BraveSentry Adware No 0 Yes No C:\Program Files\AntiSpywareShield\Uninstall.exe

02763634 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Lisa Hague\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-67f24100-41d6646b.zip[VaannnaaBaa.class]

02763635 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Lisa Hague\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-67f24100-41d6646b.zip[bnnnnn.class]

02763636 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Lisa Hague\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-67f24100-41d6646b.zip[bnnnnBaa.class]

03755584 Generic Malware Virus/Trojan No 0 Yes No C:\i386\GTDownDE_87.ocx

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP916\A0076784.sys

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

No C:\Program Files\Coolwallpaper\cwm_tray.exe

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:05, on 29/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

C:\Program Files\Lexmark X74-X75\lxbbbmon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\RegCleaner\RegCleanr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hibeesbounce.com/forum

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://turbosearchsite.com/search?q=cheap%...TdhM2E2ZjAwAA==

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 204.16.197.121 www.asfvb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.3.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.657.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.34.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.45.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.asdv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvtrv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.g.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.msasern.com

O1 - Hosts: 61.157.217.210 www.antispy.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"

O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab

O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonusprint.com/UK/download...geUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex...upv2.0.0.11.cab?

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 13682 bytes

Hello.

Start HijackThis, click Scan, and check all of these:

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 204.16.197.121 www.asfvb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.3.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.657.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.34.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.45.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.asdv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvtrv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.g.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.bb.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.dfyu.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.xvv.com

O1 - Hosts: 204.16.197.121 www.msasern.com

O1 - Hosts: 61.157.217.210 www.antispy.com

Hit fix.

How is your computer doing now?

I don't think WinRAR gave this to you, so long as you downloaded it from a reputable source.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 10.

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 10 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u10-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE, etc.).
  • Browse to C:\Program Files\Java and remove the JAVA folder.
  • Once ALL older versions are removed you will no longer need to remove them in the future. This update includes a new method of updating that will update the files in place. So with the next version 11 update it will actually update 10 instead of a new installation.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: http://www.malwarebytes.org/forums/index.php?showtopic=2936