Computer in a bad way - need reliable link to hitman pro/free troubleshooting ware

Old 19 January 2009, 02:16 PM
  #1  
Steve Whitehorn

Thanks
Can you post some useful links for me that might help me clean it up?
I have AVG on it at the moment, that's all!

Steve
Old 19 January 2009, 02:49 PM
  #2  
GT4Baz

What kind of problems you having mate? I work in IT so should be able to help somehow.
Old 19 January 2009, 03:19 PM
  #3  
Steve Whitehorn

Originally Posted by GT4Baz
What kind of problems you having mate? I work in IT so should be able to help somehow.
Thanks
Firefox is taking a long time to load - get server not found for the first few attempts. Once up and running not too bad.
It won't let me run disk defragment.
Got a false IE security message up - banging on about Trojans and trying to get me to launch an exe.
Generally got buggy over the past week.

Run AVG
Run Hitmanpro - just the spyware bit I have at the mo

Understand basics ...but not a real techy

Hitmanpro - used to run all sorts of anti spyware etc software one after the other and was pretty good.

Have you any links to good Freeware that I could run - to try and sort it out
What do you think?
Thanks again
Steve





Running XP
Old 19 January 2009, 03:36 PM
  #4  
GT4Baz

Sounds like your PC's riddled with some nasty Virus/Spyware.

Try these out they are all free:

Malwarebytes.org - Very good, free malware/spyware removal tool

AVG Free - Download antivirus and antispyware software for Windows XP and Vista - Excellent, free Virus removal tool

Free Online Virus Scan - BitDefender Online Scanner - Only an online scanner, but excellent at detecting and removing viruses from your PC.

A combination of these 3 should sort your PC out, but if not give me a shout and I could probs post you something out that will help you mate.
Old 19 January 2009, 05:01 PM
  #5  
Steve Whitehorn

My laptop will allow me to download those exe. files you suggested...
BUT will not run them. No error message, nothing. You double click on the desktop icon and nothing!
HELP
Old 19 January 2009, 05:17 PM
  #6  
Steve Whitehorn

Google posted this up when I visited Bitdefender

It's like it is fighting an anti virus exe.

____________________________________________

Safe Browsing
Diagnostic page for antispyware-pro-scanner.com

What is the current listing status for antispyware-pro-scanner.com?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 7 pages that we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2009-01-18, and the last time that suspicious content was found on this site was on 2009-01-18.

Malicious software includes 2 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine.

This site was hosted on 1 network(s) including AS34187 (RENOME).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, antispyware-pro-scanner.com appeared to function as an intermediary for the infection of 1 site(s) including geocities.com/melbagilmore83/.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 24 domain(s), including hojiblancaycordoliva.com/, tsdconfection.com/, huitre-bretagne.com/.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.


Anyway thanks for your help so far
Steve
Old 19 January 2009, 05:27 PM
  #7  
vindaloo

Try "CTRL/ALT/DELETE and select task manager" or "START->RUN->TASKMGR"

See if the CPU is 100% busy. Normally, it shouldn't be.

Sounds like a bit of a battle if it won't let you launch new apps.
Old 19 January 2009, 05:41 PM
  #8  
scoobymad555

Part of the problem with some of the malware / viruses around is that once you've booted your machine they're already loaded into memory and able to function or in some cases protect themselves. Ideal means to deal with any issue like that is to be disconnected from all networks (so that it can't re-infect itself) and boot into a clean environment (so that it can't load in the first instance) before attempting to attack it. It does mean you need up-to-date software on a CD or flash disk to deal with it though, since obviously you can't toddle off around the internet to find updates etc.

Give this a go and see how you get on - UBCD for Windows (it's a free bootdisk of utilities, virus scanners, malware scanners etc but if there's utilities you're not sure of, don't play with them lol!)


p.s. if your machine doesn't boot from the cd, check your bios settings to ensure that the boot order places the cd drive prior to the hard-drive
Old 19 January 2009, 05:41 PM
  #9  
MikeCardiff

Get a program called ccleaner - run that to remove all the junk off your system and clean up the registry.

Turn off and restart and then run the malwarebytes anti-malware program - this is very good and will find and remove a lot of Trojans and things that could be causing problems.

Both of these programs are free, and I've found most problems can be cleared up by using them.
Old 19 January 2009, 05:41 PM
  #10  
Steve Whitehorn

Thanks

Tried Start - Run - Task Manager
Didn't work

How do I check the CPU?

Thanks again
Steve
Old 19 January 2009, 05:46 PM
  #11  
Steve Whitehorn

Thanks guys
Will try now!
Old 20 January 2009, 11:20 AM
  #12  
Steve Whitehorn

Hi
I have PMd GT4 Baz - sending a CD.

I am writing this to you from the local library.
Can anyone else also be a good Samaritan?
Has anyone else got a CD they can post to me?

PC Doctor has identified some viruses - after I ran cc cleaner. But I need to purchase it. I don't want to put my credit card details into a heavily infected machine. I can now run AVG again. But other anti software won't run.

So inserting a CD with some good stuff to zap it - would be far safer

I am also now getting random web pages up when I sometimes try to access a specific site say.... SN.
I had this once before...I think it's called something like when your domain address is taken over....I did solve it on that machine (windows2000)

I am currently running XP

Thanks for your help so far all
Steve
Old 20 January 2009, 11:38 AM
  #13  
Iain Young

Yet another person infected while having AVG installed

Get rid of AVG and install something that actually works. Nod32 has a 30 day free trial ESET - Antivirus Software with Spyware and Malware Protection
Old 20 January 2009, 01:06 PM
  #14  
Fuzz

The best program you can download that will help others help you, if you don't know more than the basics will be..

"Hijack this" > |MG| HijackThis 1.99.1

then...

Close any open browsers
Launch the program
Hit "do a system scan only"
When that finishes, hit "save log"
The log will open in Notepad
Go to Edit>Select All
Then Edit>Copy
Come back to this thread
Do Edit>Paste

All the geeky ones will then be able to tell you the things likely to be causing issues.
Old 20 January 2009, 02:55 PM
  #15  
Steve Whitehorn

This is what appeared in Notepad

Logfile of HijackThis v1.99.1
Scan saved at 14:58:13, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170862853673
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thanks
Steve
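
A log in this layout can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original thread and not HijackThis's own code: it splits a log into running processes and section-coded entries, lists the O4 autostart entries, and collects the lines HijackThis itself annotated with "(file missing)" or "Unknown owner". The function names and the TRUSTED_ROOTS heuristic are assumptions made for illustration; the sample lines are copied from the log in the post above.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

ENTRY = re.compile(r"^([ROF]\d+) - (.+)$")            # e.g. "O4 - HKLM\..\Run: ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Assumption: processes outside these directories deserve a manual look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_log(text):
    """Return (running_processes, {section_code: [entry, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autostarts(entries):
    """O4 Run-key entries as (hive, key, name, command) tuples."""
    return [m.groups() for m in map(RUN.match, entries.get("O4", [])) if m]

def triage(text):
    """Collect (reason, line) pairs that a reviewer should look at first."""
    processes, entries = parse_log(text)
    findings = [("process outside system/program dirs", p)
                for p in processes if not p.lower().startswith(TRUSTED_ROOTS)]
    for code, items in entries.items():
        for item in items:
            if item.endswith("(file missing)"):
                findings.append((f"{code}: target file missing", item))
            if " - Unknown owner - " in item:
                findings.append((f"{code}: listed with Unknown owner", item))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

A finding here is a prompt for manual review, not a verdict: in the sample, the flagged process is HijackThis itself running from the desktop.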
Old 20 January 2009, 05:34 PM
  #16  
stevem2k

Originally Posted by Steve Whitehorn
My laptop will allow me to download those exe. files you suggested...
BUT will not run them. No error message nothing. You double click on the desk top icon and nothing!
HELP
I've just cleaned up one just like this after some donut installed "Antivirus 2009" , it also redirected all google searches ...

The rootkit disables the installing & running of most of the anti malware apps.

SuperAntiSpyware has an alternate installer to get round this

SUPERAntiSpyware.com - Frequently Asked Questions

Once that has run through, install another one - like malwarebytes , and run that through as well.


HTH

Steve
Old 20 January 2009, 05:39 PM
  #17  
Boro

Originally Posted by Steve Whitehorn
My laptop will allow me to download those exe. files you suggested...
BUT will not run them. No error message nothing. You double click on the desk top icon and nothing!
HELP
Have you tried running those in SAFE MODE? Sounds like the malware is preventing running, but if you start your computer in safe mode it should run ok.

Enter safe mode by pressing F8 on start up.
Old 20 January 2009, 11:32 PM
  #18  
Steve Whitehorn
Big Thanks

Big Big Thanks to you all - the true spirit of SNet
PC now seems to be fixed and running OK
Steve

I am expecting a CD tomorrow and will also run that too
Old 20 January 2009, 11:34 PM
  #19  
Steve Whitehorn

Originally Posted by stevem2k
I've just cleaned up one just like this after some donut installed "Antivirus 2009" , it also redirected all google searches ...

The rootkit disables the installing & running of most of the anti malware apps.

SuperAntiSpyware has an alternate installer to get round this

SUPERAntiSpyware.com - Frequently Asked Questions

Once that has run through, install another one - like malwarebytes , and run that through as well.


HTH

Steve
Once I could actually get it to run - FYI superantispyware was particularly effective. A
Old 20 January 2009, 11:58 PM
  #20  
Fuzz

Excellent work there then, whoever helped out..