Wonderboy

  1. Hi. Don't know if this will be of any help, but may be worth trying (if you haven't done so already): Try running your AdAware scan in "Safe Mode". Often picks up stuff that doesn't get picked up when you're running in normal mode. Also when you're doing this, unplug your internet connection! Try using AVG Anti-Spyware and run a scan in "Safe Mode" with that. I find it excellent and after the free 30 day trial decided to buy it for £20 a year and I haven't had any problems since. Try running CCleaner. Download it here: http://www.ccleaner.com/download/ I suspect you already have a decent armory of defences but once you've solved your problem, I can recommend Spyware Blaster (free) and SpyBot Search & Destroy (free) as additional protection. Good luck and I hope some of that helps. Steve
  2. Cheers for the help mate and I'll have a look into those suggestions, although I think the problem still lies with NTL in my area. Do I need to worry about replacing the missing files highlighted on the HJT, and should I go ahead and fix the O4 items you suggested are not required? Just a bit wary of deleting stuff on the registry. Cheers
  3. My IE browser is running soooo slow! What's weirder though is that it's intermittent. So sometimes it'll quickly load up, say, Google, but then take ages to load up Lavasoft.com. Everything else appears to be running normally and other applications run quickly (Outlook, Word etc.) but the internet is intermittently slow. The only thing I've downloaded recently is IE7, but I got rid of it and went back to IE6. Up until then, the internet has been great. I have AdAware, AVG Antispyware (paid version), McAfee, Spyware Blaster, Spybot S&D and SpywareGuard and I have run scans in normal and safe mode with all and can't find anything wrong. I've run CCleaner too, but nothing appears to be making any difference. I've been hit before with malware and trojans, but have got rid of them successfully and was the reason I decided to subscribe to AVG for the resident shield etc. My ISP is NTL and I've tried speaking online to one of their technical advisors who told me there was a problem with the NTL network and that could be the reason. However, that was three nights ago now and makes me suspicious that something more sinister is at work perhaps. Can anyone offer any help please??? Nothing showing up on AdAware scan, so if it helps here is my HJT log.

     Logfile of HijackThis v1.99.1
     Scan saved at 22:13:48, on 09/11/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\ntl\broadband medic\bin\mad.exe
     C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\BroadJump\Client Foundation\CFD.exe
     C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
     C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\USB Disk Win98 Driver\Res.EXE
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
     C:\Program Files\Dell Support\DSAgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
     C:\Program Files\SpywareGuard\sgmain.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     C:\Program Files\SpywareGuard\sgbhp.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\ntl\broadband medic\bin\MotiveBrowser.exe
     C:\DOCUME~1\STEVED~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
     O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
     O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
     O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
     O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [uSB Storage Toolbox] "C:\Program Files\USB Disk Win98 Driver\Res.EXE"
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
     O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
     O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149098842234
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157743948156
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

  4. Terrific stuff. Thanks for your help Ad Astra and taking the time to help me out. Greatly appreciated. Everything seems to be ok now. I've been reading some stuff about registry cleaners helping to speed up PC's especially after being hit by Trojans etc because they clutter up the registry with unnecessary files, but I'm a little wary of fiddling with things I don't know about. What I am pretty certain about is that registry is something you shouldn't meddle with if you don't know what you're doing. So I've decided not to do anything. My PC isn't really running drastically slow and so I think I'll just be happy with what I've got. I keep it pretty clean by emptying stuff with CCleaner and de-fragging regularly, so that should keep it in shape I guess? I've now subscribed to Ewido and so have a resident shield as part of the paying package so I'm hoping that with that and my other defences I should be pretty well protected. I'm certainly not going to bother downloading anything from BitTorrent again. I'm sure some people have had no problems with it, but personally I will be steering well clear of it!! Far too much of an opportunity for backdoor Trojans from what I've seen. Never again!! Anyway, thanks a lot for all your help.
  5. Ok, here we go. HiJackThis log first:

     Logfile of HijackThis v1.99.1
     Scan saved at 18:57:26, on 06/09/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\Program Files\Dell\Media Experience\DMXLauncher.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\BroadJump\Client Foundation\CFD.exe
     C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
     C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
     C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Dell Support\DSAgnt.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\SpywareGuard\sgmain.exe
     C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
     C:\Program Files\SpywareGuard\sgbhp.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\DOCUME~1\STEVED~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
     C:\DOCUME~1\STEVED~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (file missing)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
     O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
     O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     O4 - HKLM\..\Run: [bJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
     O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
     O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
     O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
     O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
     O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149098842234
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
     O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

     Here's the rootkitrevealer

     HKLM\SOFTWARE\Classes\webcal\URL Protocol 25/04/2006 23:53 13 bytes Data mismatch between Windows API and raw hive data.
     HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned 06/09/2006 19:02 4 bytes Data mismatch between Windows API and raw hive data.
     HKLM\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned 06/09/2006 19:02 84 bytes Windows API length not consistent with raw hive data.

     ...and here's the Blacklight

     09/06/06 19:34:01 [info]: BlackLight Engine 1.0.46 initialized
     09/06/06 19:34:01 [info]: OS: 5.1 build 2600 (Service Pack 2)
     09/06/06 19:34:01 [Note]: 7019 4
     09/06/06 19:34:01 [Note]: 7005 0
     09/06/06 19:34:24 [Note]: 7006 0
     09/06/06 19:34:24 [Note]: 7011 1560
     09/06/06 19:34:24 [Note]: 7026 0
     09/06/06 19:34:25 [Note]: 7026 0
     09/06/06 19:34:29 [Note]: FSRAW library version 1.7.1019
     09/06/06 19:35:11 [Note]: 2000 1006
     09/06/06 19:35:35 [Note]: 7007 0

     Look forward to hearing from you soon!
  6. Ok, all those succeeded. I decided to move the rundll32.exe file to C:\WINDOWS\system32 as that was where it kept saying it was missing from...and lo-and-behold, I can now fully access ALL the control panel again!!!! WHOO HOO!!! It is a little slow when I click OK to confirm the display properties for example. Is there anything sinister in this? Anyway Ad Astra, can I just say a HUGE thank you to you mate, you've been brilliant and you've no idea how much I've really appreciated all your help and patient guidance over the last few hours. I'm so relieved that things are back to normal - or at least all seems that way anyway! My only one niggling doubt and question to you is what kind of Trojan attacked my PC, in your opinion is it likely to have done damage or stolen anything, and how confident can I be that all my system is all clean ie: are there any nasty remnants still lurking about and are there any HijackThis, Ewido, AdAware logs that would offer an insight to the IT Professional, such as yourself, on my computer's health?? (Ok, that was three questions!!) I know you're no doubt a busy person and in demand, but if you can offer ANY further advice or recommendations or answer those niggling questions, I will be HUGELY grateful. Either way, you're a star whoever you are Ad Astra and I raise a virtual pint in your honour my friend. Thank you so much again.
  7. Ok, done as said, and it came back with (ignoring prefetch data) one application called: rundll32.exe located in C:\WINDOWS - 33KB Incidentally, whilst I thought you were offline, I Googled pages on missing Rundll32.exe and tried some help from a site called jsifaq.com where it gives a method of restoring a clean version of Rundll32.exe. I followed the instructions: Mount XP CD-ROM, Open CMD.exe session and type d:\i386\rundll32.ex_ %Systemroot%\rundll32.exe When I ran this it said "expanding d:\i386\rundll32.ex_ to c:\i386\rundll32.ex d:\i386\rundll32.ex_ 11853 bytes expanded to 33280 bytes. 180% increase." Apologies if I've done something wrong, but I thought your status said offline and assumed you'd gone so tried a method similar to what you'd suggested (Christ, I hope I haven't done the wrong thing!!) Anyway, when I now run the appwiz.cpl, I get the Add/Remove programs screen!! Are we getting somewhere? I still can't access stuff on my control panel, but this has given me some hope...at last!!
  8. No joy AdAstra, it ran through, but never once asked for the Windows XP CD. So what does this mean? Man, this is getting frustrating now! (as I'm sure it is for you too by now!) What's next then....;o) (If I could beam you over a beer I would!)
  9. I cut and pasted the command in and it came back saying: "Can't open input file: c:\i386\rundll32.ex_"
  10. Hi AdAstra, Righto, did search and nothing returned with the exact match rundll32.exe. Apart from prefetch and one called rundll32 (in folder C:/i386 and 33KB big) no, can't find anything. Looking at my original post, is there a chance that in deleting the trojan via Ewido (Ewido said that the Trojan was located in the file C:\WINDOWS\system32\rundll32.exe) the rundll32.exe has gone too? With regards to the Windows XP CD, I do have one that Dell sent me (my PC is a Dell Dimension 3100) which is a reinstallation CD. I also have a Drivers & Utilities CD (if that's any help?) Thanks
  11. Also meant to add, that my PC upon reboot appeared to run a little quicker, especially on IE.
  12. Followed instructions through cmd and it said "RegSvr32 - DllRegisterServer in appwiz.cpl succeeded". I then tried running the command appwiz.cpl and it still threw up the same message prompt. I tried re-booting and tried again but no difference. (By the way, thanks for all your help throughout this, it's hugely appreciated)
  13. Hi Kosti, Has this syssecuritypage.net hijacked your browser, ie: your normal Internet Explorer home address has changed and no matter what you do it will not default to the one you specify? If so, I had a very similar malware attack which was called securityuptodate.net. Thankfully there was loads of postings out there on forums such as these and I was able to rid it myself by following the steps that I think CalamityJane had posted for someone else. If the symptoms sound familiar (browser hijack) then do a Google search on securityuptodate.net and there is loads of help out there. Although to be honest, and particularly if you're not too IT confident, I would wait for a reply from the experts here and let them guide you. From reading many of these entries, it's sometimes not a case of one size fits all for these problems and so they will be the best to advise you. I realise none of this is any real help to you, but don't feel like you're the only person in the world who's been stung by sh*t like this, I had a sick feeling in my stomach when it happened to me, but I wasn't the first and I won't be the last! Good luck.
  14. Arghh! No, it's still asking which program I want to open it with.
  15. Sorry Ad Astra, I've followed the instructions and it confirmed that the cpl_file_assoc.reg file had been added to the registry, but when I've tried to run the appwiz.cpl command it's still asking "Choose a program you want to use to open this file". How bad is this problem I have, should I be getting more worried than I already am?