TestaPlus trouble, too ...

  ccinmfd 00:18 31 Jan 06
Locked

I am having a similar problem to one described on an earlier post ... a banner drops down and declares my computer is infected with spyware ... I have tried some of the fixes described herein, to no avail ...

  VoG II 16:24 31 Jan 06

Run HJT click here and post a log at the Malware Removal forum click here

  ccinmfd 02:12 02 Feb 06

Logfile of HijackThis v1.99.1
Scan saved at 8:56:37 PM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mfcig.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Fcenprt\Czdmn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\iPod\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\DOCUME~1\carrollc\LOCALS~1\Temp\155.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\carrollc\LOCALS~1\Temp\156.tmp.exe
c:\program files\common files\aol\1101774857\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1101774857\ee\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\HPWGTBX.exe
C:\WINDOWS\ippb.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\carrollc\Desktop\HijackThis.exe

  ccinmfd 02:13 02 Feb 06

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\drtfw.dll/sp.html#10001%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\drtfw.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\drtfw.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bareh.dll/sp.html#10001%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bareh.dll/sp.html#10001%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Class - {6537283D-964A-CBD4-C67B-7091E7AC8979} - C:\WINDOWS\msav32.dll
O2 - BHO: Class - {7E652F00-83F5-AD05-9AAB-F6B25376211E} - C:\WINDOWS\system32\winbg32.dll
O2 - BHO: Class - {F1D7DCBA-0130-C987-716B-EE88E16B0371} - C:\WINDOWS\ipph.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101774857\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Dwmkv] C:\Program Files\Fcenprt\Czdmn.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iPod\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ntbl32.exe] C:\WINDOWS\ntbl32.exe
O4 - HKLM\..\Run: [155.tmp] C:\DOCUME~1\carrollc\LOCALS~1\Temp\155.tmp.exe
O4 - HKLM\..\Run: [156.tmp] C:\DOCUME~1\carrollc\LOCALS~1\Temp\156.tmp.exe
O4 - HKLM\..\Run: [155.tmp.exe] C:\DOCUME~1\carrollc\LOCALS~1\Temp\155.tmp.exe
O4 - HKLM\..\Run: [156.tmp.exe] C:\DOCUME~1\carrollc\LOCALS~1\Temp\156.tmp.exe
O4 - HKLM\..\Run: [addhm32.exe] C:\WINDOWS\addhm32.exe

  ccinmfd 02:15 02 Feb 06

O4 - HKLM\..\Run: [javaon32.exe] C:\WINDOWS\javaon32.exe
O4 - HKLM\..\Run: [addkz32.exe] C:\WINDOWS\system32\addkz32.exe
O4 - HKLM\..\Run: [atlrz32.exe] C:\WINDOWS\system32\atlrz32.exe
O4 - HKLM\..\Run: [mfcig32.exe] C:\WINDOWS\system32\mfcig32.exe
O4 - HKLM\..\Run: [atlih32.exe] C:\WINDOWS\atlih32.exe
O4 - HKLM\..\Run: [syskh.exe] C:\WINDOWS\syskh.exe
O4 - HKLM\..\Run: [addgb32.exe] C:\WINDOWS\addgb32.exe
O4 - HKLM\..\Run: [ntdo.exe] C:\WINDOWS\ntdo.exe
O4 - HKLM\..\Run: [d3xb32.exe] C:\WINDOWS\system32\d3xb32.exe
O4 - HKLM\..\Run: [apisa32.exe] C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\Run: [apiyj.exe] C:\WINDOWS\system32\apiyj.exe
O4 - HKLM\..\Run: [ieut.exe] C:\WINDOWS\ieut.exe
O4 - HKLM\..\Run: [javast.exe] C:\WINDOWS\javast.exe
O4 - HKLM\..\Run: [ntmm32.exe] C:\WINDOWS\ntmm32.exe
O4 - HKLM\..\Run: [addqs32.exe] C:\WINDOWS\addqs32.exe
O4 - HKLM\..\Run: [crgj32.exe] C:\WINDOWS\crgj32.exe
O4 - HKLM\..\Run: [sdkni.exe] C:\WINDOWS\sdkni.exe
O4 - HKLM\..\Run: [ipub32.exe] C:\WINDOWS\ipub32.exe
O4 - HKLM\..\Run: [atlql.exe] C:\WINDOWS\system32\atlql.exe
O4 - HKLM\..\Run: [d3jp32.exe] C:\WINDOWS\d3jp32.exe
O4 - HKLM\..\Run: [iefr32.exe] C:\WINDOWS\iefr32.exe
O4 - HKLM\..\Run: [ipjk.exe] C:\WINDOWS\system32\ipjk.exe
O4 - HKLM\..\Run: [d3sp32.exe] C:\WINDOWS\system32\d3sp32.exe
O4 - HKLM\..\Run: [apimn32.exe] C:\WINDOWS\system32\apimn32.exe
O4 - HKLM\..\Run: [ippb.exe] C:\WINDOWS\ippb.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

  ccinmfd 02:18 02 Feb 06

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\EA SPORTS\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - click here
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - click here
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - click here
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - click here

  ccinmfd 02:20 02 Feb 06

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: Domain = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFBC7FB-20CD-4ABB-A1A4-B64B40758E90}: NameServer = 10.129.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = boysvillage.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = boysvillage.org
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

  ccinmfd 02:22 02 Feb 06

It took five separate posts, but that's all the results from my HiJackThis scan ... I appreciate any help you can give me ... best regards, ccinmfd

  VoG II 12:53 02 Feb 06

Please post your log at click here where the malware removal experts are.

This thread is now locked and can not be replied to.

Nintendo Switch review: Hands-on with the intuitive modular console and its disappointing games…

1995-2015: How technology has changed the world in 20 years

Prehistoric Britain is laid out in these Royal Mail stamp illustrations

Best running headphones | Best sport & fitness headphones: 4 brilliant pairs of wireless…