Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rmoval of Admilli/Lop & subsequent problems[RESOLVED]


  • This topic is locked This topic is locked

#1
ulftheunwashed

ulftheunwashed

    New Member

  • Member
  • Pip
  • 4 posts
I have had a recurring adware problem which my existing Spybot identified as Admilli Service but which didn't have the files and registry keys associated with Admilli, and which kept replenishing itself when I deleted it. AdAware identified it as Lop.
I followed the step-by-step instructions on this site, including downloading and using CleanUp, AdAware and CWShredder and running an online virus scan at Trend Micro. I'm now showing no infections.
HOWEVER...
I then downloaded and tried to install WinPatrol and Ewido, but the computer refuses to install either of them. Instead I get an error message which reads (for Ewido):
D:/PROGRA~1\symantec\S32EVNT1.DLL An installable Virtual Device Driver failed dll initialization. Choose "Close" to terminate the application.
If I click on ignore, it brings up another message:
D:\WINNT\system32\autoexec.nt. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose "Close" to terminate the application.

A similar problem is reported when I try to install WinPatrol.

My CPU usage has also gone crazy and keeps sticking on 100%, so everything is running slooooooowwwwly

My question is firstly: have I removed the malware, or is it (or any other) still present? And secondly: have AdAware and the other spyware tools removed something vital which is causing these new problems, and if so, can I restore it?
My HijackThis log is below- many thanks if you are able to help. I do have an AdAware logfile pre removal if needed.

Logfile of HijackThis v1.99.1
Scan saved at 18:03:59, on 20/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\WINNT\System32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\wfxsnt40.exe
D:\Program Files\Common Files\Symantec Shared\SymTray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
D:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
D:\Program Files\VoyagerTest\fts.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\WINNT\system32\internat.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
D:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\WINNT\system32\taskmgr.exe
D:\WINNT\system32\notepad.exe
D:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qtgimngtg...CrrR7i5a1VA.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ggyvlzqam...f2K2xpoieQ.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {84BD2AFD-04FA-2950-8539-E60BB035164E} - D:\DOCUME~1\JANE1\APPLIC~1\METARO~1\htm flag.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "D:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VIEWLITEOOZEONCE] D:\Documents and Settings\All Users.WINNT\Application Data\third burn view lite\hide platform.exe
O4 - HKLM\..\Run: [hml] D:\WINNT\hml.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Heck Jugs] D:\DOCUME~1\JANE1\APPLIC~1\4REFMO~1\dupe coal.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = D:\WINNT\system32\spool\drivers\w32x86\2\E_SRCV03.EXE
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: AOL Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: EPSON CardMonitor.lnk = D:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = D:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomg...gamesplayer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D34742E-5D0C-4B8B-9EDD-A32582E2274D}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: Speed Disk service - Unknown owner - D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe (file missing)
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

To answer your question, no it's still there. You should not go about fixing these yourself unless you know how to fix them properly. Doing so may make matters worse. The fixes that we provide to each user it different in most cases, so don't follow them.

OK, I see the problem here. You installed Messenger Plus with their so-called "sponsor" program. I highly recommend not using their software at all (even if you install without sponsor). I just don't trust programs that bundle themselves with this junk. As you can see, it's more trouble than it's worth to get the nice, cool features in that program.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Messenger Plus - this program contains a 'sponsor' program. If you installed this 'sponsor' program, please uninstall Messenger Plus and reinstall it back but without the sponsor.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qtgimngtg...CrrR7i5a1VA.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ggyvlzqam...f2K2xpoieQ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {84BD2AFD-04FA-2950-8539-E60BB035164E} - D:\DOCUME~1\JANE1\APPLIC~1\METARO~1\htm flag.exe
O4 - HKLM\..\Run: [stcinstaller] D:\installer\id53.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VIEWLITEOOZEONCE] D:\Documents and Settings\All Users.WINNT\Application Data\third burn view lite\hide platform.exe
O4 - HKLM\..\Run: [hml] D:\WINNT\hml.exe
O4 - HKCU\..\Run: [Heck Jugs] D:\DOCUME~1\JANE1\APPLIC~1\4REFMO~1\dupe coal.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

D:\Program Files\MessengerPlus! 3\
D:\DOCUME~1\JANE1\APPLIC~1\METARO~1\
D:\installer\id53.exe
D:\Documents and Settings\All Users.WINNT\Application Data\third burn view lite\
D:\WINNT\hml.exe
D:\DOCUME~1\JANE1\APPLIC~1\4REFMO~1\


Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.
  • 0

#3
ulftheunwashed

ulftheunwashed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for your advice. I have followed as far as poss. I agree with you re Messenger - it's garbage; however, we are quite isolated and my teenage daughter regards it as her lifeline to her friends so I'm stuck with it and I don't want to lose her contacts list etc as they matter very much to her. I have reinstalled it minus "sponsor program" (adware adware adware) as you advised; however in the interval between your reply and my action, the [bleep] thing has updated itself to version 7. I have not proceeded beyond your instructions which may explain it if there is new and unwanted MSN stuff in the HijackThis log. Incidentally, after I created the log I made a further attempt to install Ewido to see what would happen, and it generates the same error message as before.

Log is attached. I really do appreciate you taking the time to help.

Logfile of HijackThis v1.99.1
Scan saved at 23:35:00, on 21/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\WINNT\System32\svchost.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
d:\program files\mcafee.com\agent\mcagent.exe
D:\WINNT\system32\wfxsnt40.exe
D:\Program Files\Common Files\Symantec Shared\SymTray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\WINNT\Mixer.exe
D:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
D:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
D:\Program Files\VoyagerTest\fts.exe
D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
D:\WINNT\system32\internat.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
D:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
D:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
d:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] D:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "D:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = D:\WINNT\system32\spool\drivers\w32x86\2\E_SRCV03.EXE
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: AOL Tray Icon.lnk = D:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: EPSON CardMonitor.lnk = D:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = D:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomg...gamesplayer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: Speed Disk service - Unknown owner - D:\Program Files\Norton SystemWorks\Norton Speed Disk\nopdb.exe (file missing)
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Don't get it confused with the Microsoft MSN Messenger. Messenger Plus does not belong to Microsoft. I think it's just a program with much "cooler features" than the regular MSN Messenger. I suggest using MSN Messenger instead and lose the features. That's just my opinion :tazz:

As far as this log is concerned, it's clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#5
ulftheunwashed

ulftheunwashed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry for reply delay; when I restarted after the last operation, the system crashed and dumped the physical memory to disk, after which I couldn't get back online for a day or so - the connection process simply stopped each time and stuck at the "talking to ISP" stage. Each time I enable the broadband connection now, the CPU usage goes up to 100% and sticks there until the connection is complete, which is taking at least 3 and as long as 7 min. Other operations appear unaffected and broadband runs fine once the connection process finally finishes and CPU usage drops back to normal levels. It makes no difference whether antivirus and/or firewall are running at the time or not.
I appreciate that this is the malware forum and mine is no longer a malware problem. I'm using the diagnostics I have to try and solve the problem and will try uninstalling & reinstalling broadband if necessary, but if I need further help, should I transfer my request to a more appropriate forum?

Thanks again.
  • 0

#6
ulftheunwashed

ulftheunwashed

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Scrub the last - problem sorted - connectivity services had corrupted and I've repaired them. Thread can be closed. Thanks so much for your help. :tazz:
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP