Solved: Dreaded Zlob

Hi
I'm trying to help a friend clear Zlob but it is a case of the dumb helping the dumber!
Before I found you here I used SpyBot and Superantispyware to try to clear it. Both programs found trojan files.

I've downloaded the Hijack This program as sugested elsewhere on the forum and am pasting here the log produced

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:34, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\GS30s.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Sue\LOCALS~1\Temp\SSUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?90b1044c1cd1408987685f91724c89a8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?90b1044c1cd1408987685f91724c89a8
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GS30s - Unknown owner - C:\WINDOWS\SYSTEM32\GS30s.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 14010 bytes

It seems an awful cheek to join a forum and ask for immediate help but we live in the middle of nowhere and getting help in person is a challenge. If you are able to assist I should be so grateful as would my friends.

Thanks you so much for looking

Dee

 

Can I add something to the original post please.

On the bottom start bar, on the right hand side where the mini icons appear in a row there is a yellow shield shaped icon with an exclamation mark in the middle (that is black) and it is trying to download stuff. Is this trojan activity do you think?

The trojan has made the adsl router/modem inoperative but I am able to get on to the internet using a dial up connection through a different ISP.

I've advised my friends to stay disconnected from the internet until this is sorted out

Thanks
Dee

 

Sorry me again
These are the logs from the superantispyware clean up

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/07/2007 at 06:10 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 01:52:07

Memory items scanned : 590
Memory threats detected : 0
Registry items scanned : 7794
Registry threats detected : 1
File items scanned : 81984
File threats detected : 3

Adware.SideStep Toolbar
HKU\S-1-5-21-2140898977-906291042-862355962-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

Malware.AntiVirusGolden
C:\PROGRAM FILES\AVG\ANTIVIRUSGOLD 4.7\ANTIVIRUSGOLD 4.7.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP872\A0111324.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP872\A0111327.ICO



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/07/2007 at 04:08 PM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Quick Scan
Total Scan Time : 00:25:38

Memory items scanned : 618
Memory threats detected : 0
Registry items scanned : 1037
Registry threats detected : 105
File items scanned : 21626
File threats detected : 23

Adware.SideStep Toolbar
HKU\S-1-5-21-2140898977-906291042-862355962-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

Adware.Tracking Cookie
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt

Trojan.MalwareWipe
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\cdxvrag
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\Hkxab
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\HWXzqmqnvaf
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\InprocServer32
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\JhbqahvaU
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\lijH
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\Ljbb
HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\wguRwXalla

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]

Unclassified.SpywareBot (Not A Threat)
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\Program Files\SpywareBot\SpywareBot.exe -boot ]

Malware.SpyLocked
HKCR\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}
HKCR\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}\1.0
HKCR\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}\1.0\0
HKCR\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}\1.0\0\win32
HKCR\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}\1.0\FLAGS
HKCR\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}\1.0\HELPDIR
HKCR\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}
HKCR\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}\ProxyStubClsid
HKCR\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}\ProxyStubClsid32
HKCR\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}\TypeLib
HKCR\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}\TypeLib#Version
HKCR\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}
HKCR\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}\ProxyStubClsid
HKCR\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}\ProxyStubClsid32
HKCR\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}\TypeLib
HKCR\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}\TypeLib#Version
HKCR\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}
HKCR\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}\ProxyStubClsid
HKCR\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}\ProxyStubClsid32
HKCR\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}\TypeLib
HKCR\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}\TypeLib#Version
HKCR\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}
HKCR\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}\ProxyStubClsid
HKCR\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}\ProxyStubClsid32
HKCR\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}\TypeLib
HKCR\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}\TypeLib#Version
HKCR\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}
HKCR\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}\ProxyStubClsid
HKCR\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}\ProxyStubClsid32
HKCR\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}\TypeLib
HKCR\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}\TypeLib#Version
HKCR\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}
HKCR\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}\ProxyStubClsid
HKCR\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}\ProxyStubClsid32
HKCR\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}\TypeLib
HKCR\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}\TypeLib#Version
HKCR\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}
HKCR\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}\ProxyStubClsid
HKCR\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}\ProxyStubClsid32
HKCR\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}\TypeLib
HKCR\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}\TypeLib#Version
HKCR\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}
HKCR\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}\ProxyStubClsid
HKCR\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}\ProxyStubClsid32
HKCR\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}\TypeLib
HKCR\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}\TypeLib#Version
HKCR\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}
HKCR\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}\ProxyStubClsid
HKCR\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}\ProxyStubClsid32
HKCR\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}\TypeLib
HKCR\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}\TypeLib#Version
HKCR\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}
HKCR\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}\ProxyStubClsid
HKCR\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}\ProxyStubClsid32
HKCR\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}\TypeLib
HKCR\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}\TypeLib#Version
HKCR\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}
HKCR\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}\ProxyStubClsid
HKCR\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}\ProxyStubClsid32
HKCR\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}\TypeLib
HKCR\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}\TypeLib#Version
HKCR\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}
HKCR\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}\ProxyStubClsid
HKCR\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}\ProxyStubClsid32
HKCR\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}\TypeLib
HKCR\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}\TypeLib#Version
HKCR\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}
HKCR\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}\ProxyStubClsid
HKCR\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}\ProxyStubClsid32
HKCR\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}\TypeLib
HKCR\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}\TypeLib#Version
HKCR\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}
HKCR\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}\ProxyStubClsid
HKCR\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}\ProxyStubClsid32
HKCR\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}\TypeLib
HKCR\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}\TypeLib#Version
HKCR\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}
HKCR\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}\ProxyStubClsid
HKCR\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}\ProxyStubClsid32
HKCR\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}\TypeLib
HKCR\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}\TypeLib#Version
HKCR\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}
HKCR\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}\ProxyStubClsid
HKCR\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}\ProxyStubClsid32
HKCR\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}\TypeLib
HKCR\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}\TypeLib#Version

Trojan.Media-Codec/V3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{31615D5C-5126-448A-818A-A7CDFEE85A9B}

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\SUE\FAVORITES\ONLINE SECURITY TEST.URL

 

I can see how busy you are by the number of posts here - if anyone who knows about these things would be able to take a look and offer advice I'd be very grateful
Thank you

 

Post a new hijack log

 

Hi and thank you for responding

The hijack log i posted here first was posted out of order. It was the last thing I did......on the machine but I thought afterwards that the other logs might be useful.

I can go back around to my friend's house tomorrow and get another log and post it for you. Does it change over time (I ask simply to better understand - I haven't a clue about any of this!)

More from me tomorrow

Thanks once again

Dee

 

No - that log is fine it won't change

Fix these with HiJackThis – mark them, close IE, click fix checked

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZBzeb032YYGB

O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)


You should be good to go

 

I just wanted to say a big thank you.
They are all fixed and up and running and are as grateful as I am for your help.
Dee