• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
Wag1782

I have the log if you would like to help

6 posts in this topic

Logfile of HijackThis v1.99.1

Scan saved at 11:00:48, on 25/06/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\atmclk.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://www.dell.co.uk/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://uk.red.clientapps.yahoo.com/customi...docs.yahoo.com/

 

info/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://home.bt.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://uk.red.clientapps.yahoo.com/customi...docs.yahoo.com/

 

info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

 

http://www.tiscali.co.uk/products/startup_code.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

 

127.0.0.1

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

 

Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

 

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

 

Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

 

Search & Destroy\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

 

C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program

 

Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

 

Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

 

files\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

 

Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program

 

Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN

 

Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

 

files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe

 

SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

-startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common

 

Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop

 

Help\bin\matcli.exe

O8 - Extra context menu item: &Google Search - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\WINDOWS\system32\msjava.dll

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

 

C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

 

Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)

 

- http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -

 

http://help.broadbandassist.com/prequal/MotivePreQual.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

 

Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Share this post


Link to post
Share on other sites

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

  1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  3. If you are unable to update you can manually update by going here:
    http://www.java.com/en/download/manual.jsp

* Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to it's own folder on the desktop.

 

* First download ewido anti-spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* open hijackthis and put a check next to the following:

===================================================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

===================================================

* After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis

 

* Please remove these entries from Add/Remove Programs in the Control Panel(if present):

To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.

MyWay

 

* Delete following folder if it's present:

 

C:\Program Files\MyWaySA

 

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.

Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

 

 

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

 

- Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

- When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

 

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

Let us know if any problems persist.

Share this post


Link to post
Share on other sites

I go to control panel but cant see jave - i have options like appearance adn themes etc. Where abouts is Java?

 

Logfile of HijackThis v1.99.1

Scan saved at 11:00:48, on 25/06/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\atmclk.exe

C:\WINDOWS\system32\dcomcfg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://www.dell.co.uk/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://uk.red.clientapps.yahoo.com/customi...docs.yahoo.com/

 

info/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://home.bt.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://uk.red.clientapps.yahoo.com/customi...docs.yahoo.com/

 

info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

 

http://uk.red.clientapps.yahoo.com/customi...search.yahoo.co

 

m/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

 

http://www.tiscali.co.uk/products/startup_code.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

 

127.0.0.1

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

 

Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

 

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

 

Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

 

Search & Destroy\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

 

C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program

 

Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

 

Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

 

files\google\googletoolbar2.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

 

Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program

 

Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN

 

Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

 

files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe

 

SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

-startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common

 

Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop

 

Help\bin\matcli.exe

O8 - Extra context menu item: &Google Search - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program

 

Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\WINDOWS\system32\msjava.dll

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

 

Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

 

C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

 

Files\Yahoo!\common\yinsthelper.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)

 

- http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -

 

http://help.broadbandassist.com/prequal/MotivePreQual.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

 

Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Share this post


Link to post
Share on other sites

Can you post the hijackthis normal please? without those white spaces between the lines.

Share this post


Link to post
Share on other sites

Hello

 

Sorry i found Java and everything is good so far, i am at the final stages and have just ran a scan on Panda -it currently says Activescan has started. It has been going for 10 minutes or so but i see no nothing that looks like the scan is working - ie numbers or file names. There is a blue shield at the top which says 'This site might require Activex control 'asinst.cab' from 'panda software' click to install.

Should i click it as i am hesitant now to download anything.

 

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
  1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  3. If you are unable to update you can manually update by going here:
    http://www.java.com/en/download/manual.jsp

* Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to it's own folder on the desktop.

 

* First download ewido anti-spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* open hijackthis and put a check next to the following:

===================================================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program

Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

===================================================

* After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis

 

* Please remove these entries from Add/Remove Programs in the Control Panel(if present):

To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.

MyWay

 

* Delete following folder if it's present:

 

C:\Program Files\MyWaySA

 

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.

Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

 

- Once you are on the Panda site click the Scan your PC button

- A new window will open...click the Check Now button

- Enter your Country

- Enter your State/Province

- Enter your e-mail address and click send

- Select either Home User or Company

- Click the big Scan Now button

- If it wants to install an ActiveX component allow it

- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

- When download is complete, click on Local Disks to start the scan

- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

 

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.

Let us know if any problems persist.

Share this post


Link to post
Share on other sites
'This site might require Activex control 'asinst.cab' from 'panda software' click to install.

Yes you must install it, otherwise you can't scan with panda. :)

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0