trojan

Thread starter: roy

I have a trojan, named trojan.startup.nameshifter.h, which
keeps reoccurring even when I clean it
 
Hello Roy;

Can you let us know what the trojan is and where it's
being detected?

For MSAS go to "tools" on the top bar then "SpywareScan",
next go to "View Spyware Scan History", then choose the
latest scan results and click "View Full details of scan"
from the bottom right of the screen, then copy and paste
that back here (Left click and cover the text-Right click
and copy, Then right click in a response here and choose
paste)

It will be a lot easier to help you remove it once we know
what it is and where it's saved into.

Good luck

Engel
 
hi engel here is the information
Trojan.Startup.NameShifter.H Trojan more information...
Status: Ignored
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected files detected
c:\program files\vuvuwsrv\yegdcgbn.exe


Detected Spyware Cookies
No spyware cookies were found during this scan.
 
Hi Roy

Can you upload the exe file at Jotti's scan site and let
us know the results? The infection isn't Nameshifter, that's
just a term used by MSAS which then gets passed to
Counterspy. The infection is probably Qoologic but the
scan results should make that clearer:

Go to Jotti's site:

http://virusscan.jotti.org/

In the file to upload area press Browse then follow the
path to the exe file :

c:\program files\vuvuwsrv\yegdcgbn.exe

Then press Submit and copy and paste the results to
notepad and save them so you can post back the results.


Next Download Ewido and Ccleaner

Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/download/

Install ewido.
During the installation, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".
Launch ewido
On the left side of the main screen click update
Click on Start and let it update.

DO NOT run a scan yet. You will do that later in safe
mode.


Download Ccleaner

http://download.ccleaner.com/download124bin.asp

Install Then close


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

Once in safe mode run Ewido again.

From the main menu click on 'scanner' then
click 'Complete System Scan'

Once it's started scanning it will display an alert window
when it finds any infected files. When you see this first
alert then choose 'Remove' and check the box in the
bottom left corner that says 'Perform action on all
infections'

When it's finished scanning it will give you some options
at the bottom of the screen, choose 'Save Report' and
save it to the desktop in case you need more help with
this.

Run MS Antispy on a full system scan and remove anything
found

Finally Run Ccleaner and press "Run Cleaner" to remove
temp and unused files from your system


Reboot back to normal mode


Let us know if you have any problems and post the ewido
scan log and the results from Jotti if it's still being
detected.

Andy
 
hi engel here are the details you asked for
Trojan.Startup.NameShifter.H Trojan more information...
Status: Ignored
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected files detected
c:\program files\vuvuwsrv\yegdcgbn.exe
 
hi engel here is the information you wanted
Trojan.Startup.NameShifter.H Trojan more information...
Status: Ignored
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.

Infected files detected
c:\program files\vuvuwsrv\yegdcgbn.exe
 
hi andy here are the results of the scan

AntiVir Found Trojan/Spy.Hailport.2
ArcaVir Found Adware.Commonname.G
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found Trojan.Commonname.B
ClamAV Found Adware.Comna-2
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Adware/Commonname.I
Kaspersky Anti-Virus Found Trojan.Win32.CommonName.b
NOD32 Found Win32/Adware.CommonName application
Norman Virus Control Found W32/CommonName.I
UNA Found Trojan.Win32.CommonName
VBA32 Found AdWare.CommonName.i

I still have the trojan so here are the ewido scan results

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} ->
Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} ->
Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet
Explorer\Toolbar\\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay :
Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned
with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Spyware.CommonName : Error
during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\Security -> Spyware.CommonName
: Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\Enum -> Spyware.CommonName :
Error during cleaning
C:\Documents and Settings\roy thompson\Cookies\roy [email protected][1].txt
-> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\roy thompson\Cookies\roy thompson@2o7[1].txt ->
Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\roy thompson\Cookies\roy
thompson@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with
backup
C:\Documents and Settings\roy thompson\Cookies\roy thompson@atdmt[2].txt ->
Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\roy thompson\Cookies\roy
(e-mail address removed)[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with
backup
C:\Documents and Settings\roy thompson\Cookies\roy
thompson@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with
backup
C:\Documents and Settings\roy thompson\Cookies\roy
thompson@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\roy thompson\Cookies\roy
(e-mail address removed)[1].txt -> Spyware.Cookie.Advertising : Cleaned
with backup
C:\Documents and Settings\roy thompson\Cookies\roy
thompson@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with
backup
C:\Program Files\Microsoft
AntiSpyware\Quarantine\3B1B2D83-672C-4425-920C-990CBB\C06A5347-3B47-45D0-9F42-DF7E30 -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned
with backup
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay
: Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned
with backup
C:\Program Files\SupaDial\SupaDial.exe -> Heuristic.Win32.Dialer : Cleaned
with backup
C:\Program Files\vuvuwsrv\cnml.exe -> Spyware.CommonName : Error during
cleaning
C:\Program Files\vuvuwsrv\NBgCDgEY.exe -> Spyware.CommonName : Error during
cleaning
C:\Program Files\vuvuwsrv\YEgDCgBN.dll -> Spyware.CommonName : Error during
cleaning
C:\Program Files\vuvuwsrv\YEgDCgBN.exe -> Spyware.CommonName : Error during
cleaning
C:\WINDOWS\system32\drivers\winik.sys -> Trojan.Rootkit.Agent.q : Error
during cleaning
C:\WINDOWS\Temp\Cookies\roy (e-mail address removed)[1].txt ->
Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent :
Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End
 
Ron Kinner said:
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. Put Hijack in the subject
so I'll know it's not spam.

Or post it on the Dell Forum where I hang out.

http://forums.us.dell.com/supportforums/board?board.id=si_hijack


Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)

Scan saved at 17:23:20, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\ASP.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\roy thompson\Local Settings\Temporary Internet
Files\Content.IE5\SFSVSDEX\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tiny.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.tiny.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tiny.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -
c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} -
c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe
/startup
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL
Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL
Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program
Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [dYpHRAEw] C:\PROGRA~1\vuvuwsrv\YEgDCgBN.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect
Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2]
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [QEFHRg1v] C:\PROGRA~1\vuvuwsrv\YEgDCgBN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program
Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL
9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN
Toolbar Suite\DS\02.05.0000.1082\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program
Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN
Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program
Files\MSN Toolbar
Suite\TAB\02.05.0000.1110\en-gb\msntabres.dll/229?84afc781b34f42399ce5a6a1865d2b40
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program
Files\MSN Toolbar
Suite\TAB\02.05.0000.1110\en-gb\msntabres.dll/230?84afc781b34f42399ce5a6a1865d2b40
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -
C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120760078562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{9859B2B1-851F-4F32-BDFB-32663D7F2CC2}:
NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -
C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,
Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. -
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
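
Cross-referencing the two logs posted above, as an added example that is not part of the original thread: it rejoins the hard-wrapped log lines, collects the objects ewido reported as "Error during cleaning", and lists the HijackThis O4 Run values that still launch one of those files. The sample lines are excerpts copied from the posts above; treating PROGRA~1 as the short name of "Program Files" is an assumption.

```python
import re

# Excerpts copied from the ewido report and HijackThis log posted above,
# keeping the hard line wraps the forum introduced.
EWIDO_EXCERPT = r"""
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Spyware.CommonName : Error
during cleaning
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned
with backup
C:\Program Files\vuvuwsrv\cnml.exe -> Spyware.CommonName : Error during
cleaning
C:\Program Files\vuvuwsrv\YEgDCgBN.exe -> Spyware.CommonName : Error during
cleaning
C:\WINDOWS\system32\drivers\winik.sys -> Trojan.Rootkit.Agent.q : Error
during cleaning
"""
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [dYpHRAEw] C:\PROGRA~1\vuvuwsrv\YEgDCgBN.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QEFHRg1v] C:\PROGRA~1\vuvuwsrv\YEgDCgBN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

EWIDO_ITEM = re.compile(r"^(?P<object>.+?) -> (?P<name>\S+) ?: (?P<status>.+)$")
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

def unwrap(text, start_re):
    """Rejoin hard-wrapped records; a record begins where start_re matches."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(start_re, line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # wraps fall on whitespace
    return records

def normalize(path):
    # Assumption: PROGRA~1 is the 8.3 short name of "Program Files" here.
    return path.strip('"').lower().replace("progra~1", "program files")

def uncleaned(ewido_text):
    """Map each object ewido could not remove to its detection name."""
    failed = {}
    for rec in unwrap(ewido_text, r"[A-Za-z]:\\|HK"):
        m = EWIDO_ITEM.match(rec)
        if m and m["status"].lower().startswith("error"):
            failed[normalize(m["object"])] = m["name"]
    return failed

def surviving_autoruns(ewido_text, hjt_text):
    """Run values whose command starts with a file ewido failed to clean."""
    failed = uncleaned(ewido_text)
    hits = []
    for rec in unwrap(hjt_text, r"[OR]\d+ - "):
        m = RUN_ENTRY.match(rec)
        if not m:
            continue
        cmd = normalize(m["cmd"])  # may carry arguments, so prefix-match
        hits += [(m["hive"], m["value"], path, name)
                 for path, name in failed.items() if cmd.startswith(path)]
    return hits

if __name__ == "__main__":
    for hit in surviving_autoruns(EWIDO_EXCERPT, HJT_EXCERPT):
        print("Run value still points at an uncleaned file:", hit)
```

The WinIK service key and winik.sys driver show up in `uncleaned()` but not in the Run-key matches, so they need checking separately from the startup entries.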
 
Hi Roy

Sorry I didn't think anyone had replied back to this, Hope you managed to
get things fixed, If you still have problems you are best starting a
topic at a hijack this forum as you may have a rootkit infection, I
would ask for the logs on here but it would take up a lot of space as you
would need Hijack This and Rootkit Revealer then other tools to kill the
files like killbox, A forum would be a lot easier for you as the replies
are easy to see and it's a lot easier to find the solution,

There's a lot of sites that can help you out here spywareinfo, tomcoyote,
greyknight17 forums, aumha.net, atribune.org forums, spyware warrior
forums and more and I'm sure they can get you fixed up without too many
problems.

All the best Andy
 
Ignore That :)

I just went further down the page after sending the reply to you and
realized Ron Kinner had replied, You wouldn't need to use them forums now
just follow Ron's advice

Good Luck
 