
Solved: Dreaded Zlob

Discussion in 'Virus & Other Malware Removal' started by philoscribe1, Jul 8, 2007.

Thread Status:
Not open for further replies.
  1. philoscribe1

    philoscribe1 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    10
    Hi
    I'm trying to help a friend clear Zlob but it is a case of the dumb helping the dumber!
    Before I found you here I used SpyBot and Superantispyware to try to clear it. Both programs found trojan files.

    I've downloaded the Hijack This program as suggested elsewhere on the forum and am pasting here the log produced

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:21:34, on 08/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\GS30s.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\Sue\LOCALS~1\Temp\SSUPDATE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R3 - URLSearchHook: (no name) - {4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - C:\PROGRA~1\ORANGE~1\TOOLBA~2.DLL
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [LG US] c:\program files\lg usb drive2.9\lg usb.exe sys_auto_run C:\Program Files\LG USB Drive2.9
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPpromo psc 1300 series] "C:\Program Files\HP\Digital Imaging\Promotions\HPpromo.exe" /N "psc 1300 series" -r
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?90b1044c1cd1408987685f91724c89a8
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?90b1044c1cd1408987685f91724c89a8
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GS30s - Unknown owner - C:\WINDOWS\SYSTEM32\GS30s.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

    --
    End of file - 14010 bytes

    It seems an awful cheek to join a forum and ask for immediate help but we live in the middle of nowhere and getting help in person is a challenge. If you are able to assist I should be so grateful as would my friends.

    Thank you so much for looking

    Dee
     
  2. philoscribe1

    philoscribe1 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    10
    Can I add something to the original post please.

    On the bottom start bar, on the right hand side where the mini icons appear in a row there is a yellow shield shaped icon with an exclamation mark in the middle (that is black) and it is trying to download stuff. Is this trojan activity do you think?

    The trojan has made the adsl router/modem inoperative but I am able to get on to the internet using a dial up connection through a different ISP.

    I've advised my friends to stay disconnected from the internet until this is sorted out

    Thanks
    Dee
     
  3. philoscribe1

    philoscribe1 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    10
    Sorry me again
    These are the logs from the superantispyware clean up

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/07/2007 at 06:10 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3266
    Trace Rules Database Version: 1277

    Scan type : Complete Scan
    Total Scan Time : 01:52:07

    Memory items scanned : 590
    Memory threats detected : 0
    Registry items scanned : 7794
    Registry threats detected : 1
    File items scanned : 81984
    File threats detected : 3

    Adware.SideStep Toolbar
    HKU\S-1-5-21-2140898977-906291042-862355962-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

    Malware.AntiVirusGolden
    C:\PROGRAM FILES\AVG\ANTIVIRUSGOLD 4.7\ANTIVIRUSGOLD 4.7.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP872\A0111324.ICO
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP872\A0111327.ICO



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/07/2007 at 04:08 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3266
    Trace Rules Database Version: 1277

    Scan type : Quick Scan
    Total Scan Time : 00:25:38

    Memory items scanned : 618
    Memory threats detected : 0
    Registry items scanned : 1037
    Registry threats detected : 105
    File items scanned : 21626
    File threats detected : 23

    Adware.SideStep Toolbar
    HKU\S-1-5-21-2140898977-906291042-862355962-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

    Adware.Tracking Cookie

    Trojan.MalwareWipe
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\cdxvrag
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\Hkxab
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\HWXzqmqnvaf
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\InprocServer32
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\JhbqahvaU
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\lijH
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\Ljbb
    HKCR\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}\wguRwXalla

    Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

    Trojan.Media-Codec
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]

    Unclassified.SpywareBot (Not A Threat)
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\Program Files\SpywareBot\SpywareBot.exe -boot ]

    Malware.SpyLocked

    Trojan.Media-Codec/V3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{31615D5C-5126-448A-818A-A7CDFEE85A9B}

    Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\SUE\FAVORITES\ONLINE SECURITY TEST.URL
     
  4. philoscribe1

    philoscribe1 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    10
    I can see how busy you are by the number of posts here - if anyone who knows about these things would be able to take a look and offer advice I'd be very grateful
    Thank you
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a new hijack log
     
  6. philoscribe1

    philoscribe1 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    10
    Hi and thank you for responding

    The hijack log I posted here first was posted out of order. It was the last thing I did......on the machine but I thought afterwards that the other logs might be useful.

    I can go back around to my friend's house tomorrow and get another log and post it for you. Does it change over time (I ask simply to better understand - I haven't a clue about any of this!)

    More from me tomorrow

    Thanks once again

    Dee
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    No - that log is fine, it won't change

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZBzeb032YYGB

    O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)


    You should be good to go
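
One of the entries marked for fixing above is reported by HijackThis as `(no file)`. As an added example (not part of the original thread and not HijackThis code), this Python script parses a HijackThis log and lists entries whose target is missing on disk; the names `Entry`, `classify`, `parse_log` and `orphans` are assumptions of the example, and the sample lines are copied from the log in the first post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis entry line is "<code> - <body>", e.g. "O22 - SharedTaskScheduler: ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Trailing marker HijackThis appends when the referenced file is not on disk.
MARKER_RE = re.compile(r"\s*\((no file|file missing)\)$")

# Lines copied from the log in the first post (header and process lines included
# on purpose, to show that the parser skips them).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - (no file)
O23 - Service: GS30s - Unknown owner - C:\WINDOWS\SYSTEM32\GS30s.exe
"""


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # everything after "<code> - "
    target: str           # last " - "-separated field (path, URL or marker)
    clsid: Optional[str]  # first CLSID in the body, if any
    status: str           # "present", "orphan" or "url-target"


def classify(target: str) -> str:
    """Classify an entry target by its trailing missing-file marker."""
    marker = MARKER_RE.search(target)
    if marker is None:
        return "present"
    remainder = target[:marker.start()]
    # Treated here as a separate case: the target is a URL rather than a
    # path, so the marker does not indicate a deleted file.
    if remainder.lower().startswith(("http://", "https://")):
        return "url-target"
    return "orphan"


def parse_log(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, skipping other lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match is None:
            continue  # header, blank line or running-process path
        body = match.group("body")
        target = body.rsplit(" - ", 1)[-1]
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            body=body,
            target=target,
            clsid=clsid.group(0) if clsid else None,
            status=classify(target),
        ))
    return entries


def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries that still reference a file which is no longer on disk."""
    return [e for e in entries if e.status == "orphan"]


if __name__ == "__main__":
    for entry in orphans(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4} {entry.clsid or '-':<40} {entry.body}")
```

The script only reports leftovers; which of them to fix remains the analyst's decision.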
     
  8. philoscribe1

    philoscribe1 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    10
    I just wanted to say a big thank you.
    They are all fixed and up and running and are as grateful as I am for your help.
    Dee
     

Short URL to this thread: https://techguy.org/593146
