Trojan Lop.DN [RESOLVED]



#1
paul94

I opened an .exe file two days ago which I think contained a virus. The original .exe file then disappeared but my AVG antivirus kept popping up messages on a Trojan Horse Lop.DN which it quarantined but more would appear every half hour or so, apparently with random names. I had threatfire installed which identified a file called opnlmnl.dll in my system32 folder which was trying to access the internet to send information off my system. I have read your instructions and have attached logs from Super anti spyware, panda active scan pro, avg anti spyware and hijackthis. I have tried removing opnlmnl.dll with hijackthis and killbox on the 'delete on reboot' option but this has not worked either. I am still receiving trojan warnings from AVG as I type this. Can you please help me?

SUPERAntiSpyware Scan Log
Generated 09/14/2007 at 08:47 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 03:52:33

Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 8171
Registry threats detected : 27
File items scanned : 168084
File threats detected : 152

Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS3200\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.Tracking Cookie

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\TEMP\KBDUMMY.0
C:\DOCUMENTS AND SETTINGS\MR SMITH\LOCAL SETTINGS\TEMP\KBDUMMY.1



logfile of panda active scan pro

Incident | Status | Location
Spyware:Cookie/NewMedia | Disinfected | C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner | Disinfected | C:\Documents and Settings\Guest\Cookies\guest@drivecleaner[1].txt
Spyware:Cookie/ErrorSafe | Disinfected | C:\Documents and Settings\Guest\Cookies\guest@errorsafe[2].txt
Spyware:Cookie/DriveCleaner | Disinfected | C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
Spyware:Cookie/ErrorSafe | Disinfected | C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
Spyware:Cookie/fe.lea.lycos | Disinfected | C:\Documents and Settings\Mr Smith\Cookies\mr [email protected][1].txt
Spyware:Cookie/888 | Disinfected | C:\Documents and Settings\Mr Smith\Cookies\mr_smith@888[1].txt
Spyware:Cookie/NewMedia | Disinfected | C:\Documents and Settings\Mr Smith\Cookies\[email protected][1].txt
Spyware:Cookie/Go | Disinfected | C:\Documents and Settings\Mr Smith\Cookies\mr_smith@go[1].txt
Possible Virus. | No disinfected | C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
Dialer:Dialer.ISB | No disinfected | C:\Program Files\Online Services\BTYahoo\HPPre05.msi[btwebcontrol.dll]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51:14 15/09/2007

+ Scan result:



Nothing found.


::Report end





Logfile of HijackThis v1.99.1
Scan saved at 21:19:32, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterInstallMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\sdtrayapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thisismoney.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.c...cts/wanadoohome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\opnlmnl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnlmnl - C:\WINDOWS\SYSTEM32\opnlmnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
#2
paul94

I think this has now been resolved. I followed the instructions on a similar thread, ran Vundofix (which found no vundo files) then Combofix. This appears to have cured the problem. Thank you very much.

#3
MoNsTeReNeRgY22

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.