Aug 25 2008, 05:56 PM, Post #1
Newbie Member Group: Member Posts: 1 Joined: 25-August 08 Member No.: 1,187
Hello
Hopefully someone can help. Problems are:

Internet Explorer and Mozilla Firefox being redirected to other sites.
Google works and searches but then goes to other sites.
AOL works most of the time but sometimes does not display a page (though it doesn't get redirected to other sites)
System Restore points gone even though still enabled.
Can't download virus updates or files (though can run and install some)

AVG Antivirus found some things as did AVG Antispyware and Spybot. Also manually deleted a.exe.

List of things found and quarantined: Download.Fraudload Trojan Horse Sheur.CDWO Trojan Horse Agent.aadp Trojan Horse IRC Backdoor Trojan Horse SdBot3.CMH Dialer.BT.c Trojan.Agent.abd

Doesn't seem to have stopped the redirection and so worried that there may be stuff missed.

HijackThis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:03, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1215102844\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\waol.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Progr

Aug 25 2008, 06:14 PM, Post #2
Multi Megaton Malware Munition Group: Global Moderator Posts: 404 Joined: 21-June 08 From: Northfield, Ohio Member No.: 1,092
Hello, j@holme.
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.) Please give me some time to look over your computer's log(s). Please take note of the following:
Your HJT log is cut off. Please post a new, complete log.

Billy3

Aug 28 2008, 02:17 AM, Post #3
Multi Megaton Malware Munition Group: Global Moderator Posts: 404 Joined: 21-June 08 From: Northfield, Ohio Member No.: 1,092
Hello, j@holme.
Are you still here?

Billy3

Aug 31 2008, 05:10 PM, Post #4
Multi Megaton Malware Munition Group: Global Moderator Posts: 404 Joined: 21-June 08 From: Northfield, Ohio Member No.: 1,092
This thread is being closed due to inactivity. If you would like it to be reopened please contact me or another member of the Moderating Team.
As always, we thank you for using 247fixes. Thank you, and have a great day!