Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Trojan.FakeAV - I removed this but...  (Read 4296 times)

0 Members and 1 Guest are viewing this topic.

captamer1

    Topic Starter


    Greenhorn

    Trojan.FakeAV - I removed this but...
    « on: January 26, 2010, 04:40:12 PM »
    now I am only able to get on line using either ftp or https...http will not connect...any thoughts would be apreciated.
    Logged

    evilfantasy

    • Malware Removal Specialist
    • Moderator


      • Genius
    • Calm like a bomb
      • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Trojan.FakeAV - I removed this but...
    « Reply #1 on: January 26, 2010, 04:49:40 PM »
    Download TrendMicro HijackThis.exe (HJT) to the desktop.

    * Double-click on HJTInstall.
    * Click on the Install button.
    * It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
    * Upon install, HijackThis should open for you.
    * Important! If using Windows Vista or Windows 7, close HijackThis. Now right-click HijackThis and Run As Administrator
    * Click on the Do a system scan and save a log file button
    * HijackThis will scan and then a log will open in notepad.
    * Copy and then paste the entire contents of the log in your post.
    * Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    Logged

    captamer1

      Topic Starter


      Greenhorn

      Re: Trojan.FakeAV - I removed this but...
      « Reply #2 on: January 26, 2010, 05:00:30 PM »
      I am unable to access the web via http://????? only ftp:// or https://
      Logged

      captamer1

        Topic Starter


        Greenhorn

        Re: Trojan.FakeAV - I removed this but...
        « Reply #3 on: January 26, 2010, 05:05:53 PM »
        trying to use a flash drive to take it from the laptop to the desk top
        Logged

        captamer1

          Topic Starter


          Greenhorn

          Re: Trojan.FakeAV - I removed this but...
          « Reply #4 on: January 26, 2010, 05:09:34 PM »
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 7:07:25 PM, on 1/26/2010
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v8.00 (8.00.6001.18702)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
          C:\Program Files\Canon\CAL\CALMAIN.exe
          C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yahoo.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
          R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
          O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
          O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
          O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
          O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\IPSBHO.DLL
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
          O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
          O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
          O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [ajhkxwac] C:\Documents and Settings\Owner\Local Settings\Application Data\ojmkqe\wpwusysguard.exe
          O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
          O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
          O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
          O4 - HKCU\..\Run: [ajhkxwac] C:\Documents and Settings\Owner\Local Settings\Application Data\ojmkqe\wpwusysguard.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
          O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
          O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140141522249
          O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141697703484
          O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
          O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
          O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
          O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
          O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
          O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
          O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
          O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe (file missing)
          O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

          --
          End of file - 8471 bytes
          Logged

          captamer1

            Topic Starter


            Greenhorn

            Re: Trojan.FakeAV - I removed this but...
            « Reply #5 on: January 26, 2010, 06:21:14 PM »
            Here it is...again, I can get on the internet with ftp and https but not http




            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 7:07:25 PM, on 1/26/2010
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.18702)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
            C:\Program Files\Canon\CAL\CALMAIN.exe
            C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yahoo.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
            R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
            O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
            O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
            O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\IPSBHO.DLL
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
            O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
            O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
            O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [ajhkxwac] C:\Documents and Settings\Owner\Local Settings\Application Data\ojmkqe\wpwusysguard.exe
            O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
            O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
            O4 - HKCU\..\Run: [ajhkxwac] C:\Documents and Settings\Owner\Local Settings\Application Data\ojmkqe\wpwusysguard.exe
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
            O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
            O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
            O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140141522249
            O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141697703484
            O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
            O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
            O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
            O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
            O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
            O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
            O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
            O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
            O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe (file missing)
            O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

            --
            End of file - 8471 bytes
            Logged

            evilfantasy

            • Malware Removal Specialist
            • Moderator


              • Genius
            • Calm like a bomb
              • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Trojan.FakeAV - I removed this but...
            « Reply #6 on: January 26, 2010, 07:05:15 PM »
            Quote
            Here it is...again, I can get on the internet with ftp and https but not http

            I don't completely understand this. Are there only a few sties you can visit or do you have to change the URL to FTP or HTTPS?
            Logged

            evilfantasy

            • Malware Removal Specialist
            • Moderator


              • Genius
            • Calm like a bomb
              • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Trojan.FakeAV - I removed this but...
            « Reply #7 on: January 26, 2010, 07:26:52 PM »
            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
            • O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
            • O4 - HKLM\..\Run: [ajhkxwac] C:\Documents and Settings\Owner\Local Settings\Application Data\ojmkqe\wpwusysguard.exe
            • O4 - HKCU\..\Run: [ajhkxwac] C:\Documents and Settings\Owner\Local Settings\Application Data\ojmkqe\wpwusysguard.exe
            .
            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            ----------

            If you already have ComboFix be sure to delete it and download a new copy.

            Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.
            Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

            If you have problems with ComboFix usage, see How to use ComboFix

            ----------

            1. Close all open Web browsers.
            2. From the Start menu in Windows select Control Panel.
            3. Select Add or Remove Programs.
            4. Uninstall any of the following programs associated with Ask.com: (the names may be slightly different)

            - Ask.com
            - Ask Bar
            - Ask Desktop Search
            - Ask Search
            - Ask Toolbar
            - Ask Jeeves

            5. Click Change/Remove for each and uninstall all found.

            ----------

            Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

            Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

            Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

            Exit out of MessengerDisable then delete the two files that were put on the desktop.
            Logged
            Pages: [1]   Go Up
            « previous next »