Green u in toolbar--Serv-U


  • This topic is locked
11 replies to this topic

#1 missyj

missyj

  • Members
  • 34 posts

Posted 30 August 2005 - 05:08 AM

I have a Green U in my lower toolbar--it says "serv-u"--and I can't get rid of it. Can't go to tech sites or search engines and it makes the internet very hard to access. I have run Norton, Ewido, CWShredder, Ad Aware, and SpySubtractr. Nothing has worked! I was told to run Kaspersky, but can't access the validation email from my infected computer, so that is out. Can someone out there please help???
Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:37:27 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\mui\2241\ms-java.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\mui\2241\dcom.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mui\2241\wircd.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\xptl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\interMute\SpySubtract\spysub.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mui\2241\lsass.exe
C:\Documents and Settings\Julie A. Joseph\My Documents\My Deliveries\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office mouse\1.1\moffice.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [CMISAKXF] C:\WINDOWS\CMISAKXF.exe
O4 - HKLM\..\Run: [FLSYCJPZ] C:\WINDOWS\FLSYCJPZ.exe
O4 - HKLM\..\Run: [FSW] C:\Program Files\FSW\FSW.EXE
O4 - HKLM\..\Run: [GQBM] C:\WINDOWS\GQBM.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PZKUCMW] C:\WINDOWS\PZKUCMW.exe
O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [vljnjc] C:\WINDOWS\System32\vljnjc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Caese] C:\Program Files\Dvqo\Lnqpliv.exe
O4 - HKLM\..\Run: [t8gl] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O4 - HKLM\..\RunServices: [Windows DLL Verifier] xptl.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/ess/includes/Script...ac.com,CT=java+
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O19 - User stylesheet: (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\system32\mui\2241\ms-java.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UnrealIRCd - none - C:\WINDOWS\system32\mui\2241\wircd.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

PLEASE HELP!!! Computer Geeks want $200 and two days to clean it!!



#2 illukka

illukka

    retar.. erm retired!


  • Security Colleague
  • 2,858 posts

Posted 30 August 2005 - 08:06 AM

hi

from http://www.wilderssecurity.com/showthread....5062#post545062

i'll help you with this :D

first i'd like to get samples of some files there:
enable showing of hidden files following instructions here:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html


go to http://www.thespykiller.co.uk/forum/index.php?board=1.0
press new topic and attach the following files to your post:

C:\WINDOWS\system32\mui\2241\wircd.exe
C:\WINDOWS\system32\mui\2241\ms-java.exe
C:\WINDOWS\system32\xptl.exe
C:\WINDOWS\system32\mui\2241\dcom.exe

include in your post links to this thread and the thread at wilders

i'll take a closer look at the files and determine the best course of action
if possible could you PM me here or at wilders after you have posted at spykiller forums to notify me and to speed this up a bit ;)

meanwhile it would be best to disconnect this infected machine

a couple of more questions:

you seem to have trojan hunter there, is it a licensed version or is it a trial?
if it is a trial is it still valid or has it expired ?
if it is a licensed version i suggest upgrading to the current version
you can get it by clicking this link:
http://www.misec.net/products/TrojanHunter.exe
install, update, reboot to safe mode and do a full scan
if the trial has expired and you don't want to purchase it i suggest uninstalling it as it is useless without the latest updated rulesets

waiting to hear from you
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor

#3 missyj

missyj
  • Topic Starter

  • Members
  • 34 posts

Posted 30 August 2005 - 09:07 AM

Ok, I will do as you suggest, but it might take a while, since I have to relay the directions to someone on the infected computer. I will get back--Thanks :thumbsup:

#4 missyj

missyj
  • Topic Starter

  • Members
  • 34 posts

Posted 30 August 2005 - 09:20 AM

Forgot to answer your other questions. The TrojanHunter was the free version--I wasn't planning on buying it, so will delete it.

Now this might seem like a dumb question, but how do I go about attaching files to my post? I don't think it will work from the infected machine and I can't email from there (at least I couldn't yesterday) so do I save on a disk and post that? That is what I did for the HJT log.

#5 illukka

illukka

    retar.. erm retired!


  • Security Colleague
  • 2,858 posts

Posted 30 August 2005 - 04:08 PM

i've responded to your PM
at this forum there are no dumb questions ;D
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor

#6 illukka

illukka

    retar.. erm retired!


  • Security Colleague
  • 2,858 posts

Posted 02 September 2005 - 02:19 PM

hi


Please create a list of programs that can be removed using Add/Remove Programs
Start HiJackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this thread


download the hoster from
http://www.funkytoad.com/download/hoster.zip
transfer it to the infected pc
unzip the file to your desktop, don't use it yet

open hijackthis, press do a system scan only
put a checkmark next to the following items:
O4 - HKLM\..\Run: [CMISAKXF] C:\WINDOWS\CMISAKXF.exe
O4 - HKLM\..\Run: [FLSYCJPZ] C:\WINDOWS\FLSYCJPZ.exe
O4 - HKLM\..\Run: [FSW] C:\Program Files\FSW\FSW.EXE
O4 - HKLM\..\Run: [GQBM] C:\WINDOWS\GQBM.exe
O4 - HKLM\..\Run: [PZKUCMW] C:\WINDOWS\PZKUCMW.exe
O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [vljnjc] C:\WINDOWS\System32\vljnjc.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Caese] C:\Program Files\Dvqo\Lnqpliv.exe
O4 - HKLM\..\Run: [t8gl] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O4 - HKLM\..\RunServices: [Windows DLL Verifier] xptl.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O19 - User stylesheet: (file missing)
O23 - Service: Ms-java - Unknown owner - C:\WINDOWS\system32\mui\2241\ms-java.exe
O23 - Service: UnrealIRCd - none - C:\WINDOWS\system32\mui\2241\wircd.exe


then close all browsers and explorer windows, until only hijackthis is open

and click the button fix checked


reboot

locate hoster.exe that you downloaded earlier and doubleclick it
press click here to restore the hosts file and click ok

reboot

go to

http://www.pandasoftware.com/activescan/co...n_principal.htm

to do an online virus scan, make sure to set it to auto clean
when finished save its log

reboot

post the panda log, the uninstall report and a fresh hijackthis log


edited a typo

Edited by illukka, 02 September 2005 - 02:22 PM.

To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor
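
Added example, not part of the thread and not written by either poster: a Python sketch that parses HijackThis-format text, reports which fix-list entries are still present in the fresh log that post #6 asks for, and flags running processes that reuse a core Windows process name outside system32 (as lsass.exe under mui\2241 does in the log above). The sample strings are short excerpts constructed from the thread's log; the function names, the `SYSTEM32_ONLY` list and the fresh log are assumptions for illustration.

```python
import ntpath
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")

# Assumed heuristic list (not from the thread): core Windows XP processes
# whose genuine image sits directly in %windir%\system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Constructed sample: a few lines excerpted from the log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\mui\2241\lsass.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [GQBM] C:\WINDOWS\GQBM.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O23 - Service: UnrealIRCd - none - C:\WINDOWS\system32\mui\2241\wircd.exe
"""

# Constructed sample: three of the items post #6 asks to check and fix.
FIX_LIST = r"""O4 - HKLM\..\Run: [GQBM] C:\WINDOWS\GQBM.exe
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O23 - Service: UnrealIRCd - none - C:\WINDOWS\system32\mui\2241\wircd.exe
"""

# Constructed sample: a hypothetical fresh log in which one fixed entry came back.
FRESH_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows DLL Verifier]   xptl.exe
"""


def parse_hjt(text):
    """Split HijackThis text into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            # The process list ends at the first blank line or entry line.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_procs = False
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def entry_key(code, body):
    """Comparison key that ignores case and runs of whitespace."""
    return (code.upper(), " ".join(body.split()).casefold())


def surviving(fix_list, fresh_log):
    """Return the fix-list entries that still appear in the fresh log."""
    fresh = {entry_key(c, b) for c, b in parse_hjt(fresh_log)["entries"]}
    return [f"{c} - {b}" for c, b in parse_hjt(fix_list)["entries"]
            if entry_key(c, b) in fresh]


def misplaced_system_processes(processes, windir=r"C:\WINDOWS"):
    """Flag core process names running from anywhere but <windir>\\system32."""
    expected = ntpath.normcase(ntpath.join(windir, "system32"))
    hits = []
    for path in processes:
        folder, name = ntpath.split(path)
        if name.lower() in SYSTEM32_ONLY and ntpath.normcase(folder) != expected:
            hits.append(path)
    return hits


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Misplaced system processes:", misplaced_system_processes(parsed["processes"]))
    print("Still present after fix:", surviving(FIX_LIST, FRESH_LOG))
```

An entry that survives "fix checked" and a reboot usually means something is still running that rewrites it, which is why the fresh log is requested after the scan.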

#7 missyj

missyj
  • Topic Starter

  • Members
  • 34 posts

Posted 05 September 2005 - 07:35 PM

Here you go, illukka:

The uninstall list:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe PDF IFilter 6.0
Adobe Photoshop 5.5
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Elements 2.0
Adobe Reader 7.0
ArcSoft Panorama Maker 3.5
ArcSoft PhotoImpression 3.0
ArtRage
a-squared Free 1.6
BroadJump Client Foundation
Burlington's CD Design Creator
ccCommon
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Context Display
coolbuddy screensavers ashanti01
Corel Painter Essentials 2
Custom Radio Player
CyD WEB Animation Studio
Dell | Support
Dell Picture Studio - Image Expert 2000
Dell Solution Center
Diablo II
Digital Blue™ PC Animation Station
Digital Blue™ PC Digital Movie Creator 2.0
DivX Codec
DV Camera Manager
Easy CD Creator 5 Basic
EPSON Copy Utility
EPSON Online Reference Guide
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN FB
ewido security suite
EXEtender Player
Family Tree Maker 7.0
G-Force
GIF Movie Gear 2.6
GIF Movie Gear 4.0.2
Gutterball
GXB Dialer 100001
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Improvement 1-2-3
HP Image Zone 3.5
hp instant support
HP Photosmart Cameras 3.5
HP Software Update
IE Help
IEC system
ImageDrive (Ahead Software)
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.2.2
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Kaspersky On-line Scanner
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lupe Showcase Screen Saver
Macromedia Shockwave Player
Maui Wowee (remove only)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN Add-in for Windows Messenger
MSN Internet Software
MSN Messenger 7.0
MSN Music Assistant
MSN Search Toolbar
MUSICMATCH Jukebox
Nero - Burning Rom (Web installer)
nik Color Efex Pro 2.0 GE
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
openCanvas3.05E Plus
Paltalk
Pen Tablet
PhoneTools
Power Scan
PRO200WL
QuickTime
RealArcade
RealPlayer
SBC Self Support Tool
SBC Yahoo! Anti-Spy
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
SBC Yahoo! Login
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SFP Usul Screen Saver
Shockwave
Shockwave Player
SightCAM PC-100p
SightCAM PC-100p
Sound Blaster Live! Value
SPBBC
SpySubtract
Starcraft
STOPzilla!
Surf Accuracy
Symantec
Symantec Script Blocking Installer
SymNet
TeamSpeak 2 RC2
Teknik AniGadget
Trouble at the National Neopian Screen Saver
TrueSwitch Wizard SBC
Tukati Client:GameZone
Tukati Redistributor:GameZone
Ulead Photo Explorer 6.0
Ulead Photo Express 4.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
VideoLive Mail 4.0
Viewpoint Media Player
Visual IP InSight(SBC)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows SA
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
Yahoo! extras
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar
Zoo Tycoon: Complete Collection

The panda log:


Incident Status Location

Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:adware/popmonster No disinfected C:\WINDOWS\SYSTEM32\iefeatures.exe
Adware:adware/virtualbouncer No disinfected C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG
Adware:adware/favoriteman No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ATPartners.inf
Adware:adware/funweb No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.8-2.inf
Adware:adware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\JULIE A. JOSEPH\APPLICATION DATA\tvmcwrd.dll
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\alchem.inf
Adware:adware/ncase No disinfected C:\WINDOWS\msbb.log
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Adware:adware/superspider No disinfected C:\WINDOWS\securea.html
Dialer:dialer.uy No disinfected C:\WINDOWS\XXX_Adult.exe
Adware:adware/surfaccuracy No disinfected C:\PROGRAM FILES\SurfAccuracy
Adware:adware/dealhelper No disinfected C:\WINDOWS\SYSTEM32\Newmsrdk
Adware:adware/wintools No disinfected C:\DOCUMENTS AND SETTINGS\JULIE A. JOSEPH\LOCAL SETTINGS\TEMP\msiein
Adware:adware/twain-tech No disinfected C:\DOCUMENTS AND SETTINGS\JULIE A. JOSEPH\LOCAL SETTINGS\TEMP\THI1A3E.tmp
Adware:adware/sidesearch No disinfected C:\DOCUMENTS AND SETTINGS\JULIE A. JOSEPH\APPLICATION DATA\Lycos
Spyware:spyware/dyfuca No disinfected C:\WINDOWS\STWSI
Adware:adware/mediatickets No disinfected Windows Registry
Dialer:dialer.b No disinfected HKEY_CURRENT_USER\SOFTWARE\EGROUP
Adware:adware/mywebsearch No disinfected Windows Registry
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Adam L. Joseph\Local Settings\Temp\A6A80.tmp[fash.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Allan D. Gentle\Local Settings\Temporary Internet Files\Content.IE5\49YJK9AF\WinTS[2].cab[WToolsS.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Amber N. Joseph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-629f4bea-1532cc4a.zip[Dummy.class]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\alchem.ini
Adware:Adware/Lop No disinfected C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\sta1.exe
Adware:Adware/TVMedia No disinfected C:\Documents and Settings\Julie A. Joseph\Local Settings\Temp\Tvm.upd
Adware:Adware/PortalScan No disinfected C:\Documents and Settings\Melis Cakmak\Local Settings\Temp\C2C31.tmp[mwsvm.exe]
Adware:Adware/PortalScan No disinfected C:\Documents and Settings\Melis Cakmak\Local Settings\Temp\D5D2.tmp[mwsvm.exe]
Adware:Adware/PortalScan No disinfected C:\Documents and Settings\Melis Cakmak\Local Settings\Temp\E8E8.tmp[mwsvm.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\alchem.ini
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\cfin[cfin]
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\cfout.txt
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\sahagent.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\temp.cab[IExploreSkins.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\temp.cab[toolbar.dll]
Adware:Adware/TVMedia No disinfected C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\Tvm.upd
Adware:Adware/StripPlayer No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp
Virus:Trj/Iconz.A Disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP631\A0305054.DLL
Adware:Adware/FunWeb No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP631\A0305065.inf
Spyware:Spyware/Altnet No disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0308829.exe
Virus:Trj/BAT.Zapchast Disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0309888.bat
Virus:Trj/BAT.Zapchast Disinfected C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0309909.bat
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Virus:Trj/Downloader.MO Disinfected C:\WINDOWS\Downloaded Program Files\default.inf
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\alchem.inf
Adware:Adware/TVMedia No disinfected C:\WINDOWS\memmupdater.exe
Adware:Adware/Startpage.CBL No disinfected C:\WINDOWS\securea.html
Adware:Adware/Lop No disinfected C:\WINDOWS\Temp\Rem1.exe
Adware:Adware/Lop No disinfected C:\WINDOWS\Temp\sta2.exe
Dialer:Dialer.AOB No disinfected C:\WINDOWS\XXX_Adult.exe
and finally the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:24:52 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\interMute\SpySubtract\spysub.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julie A. Joseph\My Documents\My Deliveries\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office mouse\1.1\moffice.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Caese] C:\Program Files\Dvqo\Lnqpliv.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [CMISAKXF] C:\WINDOWS\CMISAKXF.exe
O4 - HKLM\..\Run: [FLSYCJPZ] C:\WINDOWS\FLSYCJPZ.exe
O4 - HKLM\..\Run: [FSW] C:\Program Files\FSW\FSW.EXE
O4 - HKLM\..\Run: [GQBM] C:\WINDOWS\GQBM.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PZKUCMW] C:\WINDOWS\PZKUCMW.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [t8gl] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\manage.exe
O4 - HKLM\..\Run: [vljnjc] C:\WINDOWS\System32\vljnjc.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\RunServices: [Windows DLL Verifier] xptl.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/ess/includes/Script...ac.com,CT=java+
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

I would have liked to disinfect the panda stuff, but it didn't give me that option. Is there anything else I need to do? The serv-u "U" is gone and the computer seems to be running better--no disconnections or error reports. What should I do so this doesn't happen again??

Thanks soooo much for the help! :thumbsup:

#8 illukka

Posted 06 September 2005 - 01:36 AM

hi

go to control panel> add/remove programs and uninstall the following
Windows SA
WildTangent Web Driver
Viewpoint Media Player
Surf Accuracy
GXB Dialer 100001
coolbuddy screensavers ashanti01


reboot
open ewido
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT scan yet.
Download CCleaner and install, but do not run it yet.


now, before attempting the next fix i need you to disable spysubtract, as it may interfere with hjt fixing
to do it right click the spysubtract icon at system tray and select disable real time protection or similar entry.
also if spysubtract asks for added or changed autostarting programs allow the changes!! it is hijackthis that makes them, not a malware program!

then open hijackthis

click do a system scan only
checkmark the following :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O4 - HKLM\..\Run: [Caese] C:\Program Files\Dvqo\Lnqpliv.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [CMISAKXF] C:\WINDOWS\CMISAKXF.exe
O4 - HKLM\..\Run: [FLSYCJPZ] C:\WINDOWS\FLSYCJPZ.exe
O4 - HKLM\..\Run: [FSW] C:\Program Files\FSW\FSW.EXE
O4 - HKLM\..\Run: [GQBM] C:\WINDOWS\GQBM.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\e.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PZKUCMW] C:\WINDOWS\PZKUCMW.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [t8gl] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\manage.exe
O4 - HKLM\..\Run: [vljnjc] C:\WINDOWS\System32\vljnjc.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\RunServices: [Windows DLL Verifier] xptl.exe


then close all browser and explorer windows and click fix checked

reboot

try uploading this file to the spykiller thread:
C:\WINDOWS\system32\xptl.exe
it should now be visible

go to
http://www.bitdefender.com/scan/licence.php
do a full scan, allow it to disinfect automatically
when finished copy the text of the report into notepad, save it into a convenient place

Reboot into Safe Mode. To do this with Windows XP, you can follow these steps from Microsoft:
  • Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
  • Select an option when the Windows Advanced Options menu appears, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Once in Safe Mode

Next, run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Now run Ewido again.
  • Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
also do scans with adaware and spysubtract while in safe mode
allow them to clean what they find



reboot back to normal mode
also post a fresh hjt log, the ewido report and that bitdefender scanlog
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor
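
One way to check a fresh HijackThis log against the fix list from the post above, as an added example that is not part of the original thread or of HijackThis itself. The fix-list lines are copied from the post; the follow-up log, the value name `zq7x`, and all function names are constructed for illustration.

```python
import re

# HijackThis registry autorun line: "O4 - <location>: [<value name>] <command>"
# The value name is matched non-greedily because it can itself contain
# colons, quotes and path text (see the garbled entry in the fix list).
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")

# Lines taken from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [t8gl] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [Upgrade Sarvice] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [Windows DLL Verifier] xptl.exe
O4 - HKLM\..\RunServices: [Windows DLL Verifier] xptl.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ofsvxkx.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
"""

# Constructed follow-up log (NOT the poster's real result): one entry survives
# unchanged apart from case, one executable is back under a new value name.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [windows dll verifier] XPTL.EXE
O4 - HKLM\..\Run: [zq7x] C:\WINDOWS\ofsvxkx.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
"""


def parse_o4(log_text):
    """Return (location, value_name, command) for each O4 registry autorun line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # Startup-folder O4 lines have no [name] and are skipped
            entries.append((m["loc"], m["name"], m["cmd"].strip()))
    return entries


def key(entry):
    """Case-insensitive identity of an entry; registry names and paths ignore case."""
    loc, name, cmd = entry
    return (loc.lower(), name.lower(), cmd.replace('"', "").lower())


def target(cmd):
    """Executable part of an autorun command, lower-cased, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]).lower()


def verify_fix(fix_list_text, fresh_log_text):
    """Classify each fix-list entry against the follow-up log.

    gone      - neither the entry nor its executable is registered any more
    unchanged - the same key, value name and command are still present
    relocated - the same executable still autostarts under another key or name
    """
    fresh = parse_o4(fresh_log_text)
    fresh_keys = {key(e) for e in fresh}
    fresh_targets = {}
    for _, name, cmd in fresh:
        fresh_targets.setdefault(target(cmd), []).append(name)

    report = {"gone": [], "unchanged": [], "relocated": []}
    for entry in parse_o4(fix_list_text):
        _, name, cmd = entry
        if key(entry) in fresh_keys:
            report["unchanged"].append(name)
        elif target(cmd) in fresh_targets:
            report["relocated"].append((name, fresh_targets[target(cmd)]))
        else:
            report["gone"].append(name)
    return report


if __name__ == "__main__":
    for status, items in verify_fix(FIX_LIST, FRESH_LOG).items():
        print(status, items)
```

Matching on the executable as well as on the exact line matters here because the original log shows `C:\WINDOWS\ofsvxkx.exe` registered under two different value names.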

#9 missyj

Posted 07 September 2005 - 05:38 AM

morning

Here are the logs you wanted:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:00:51 AM, 9/7/2005
+ Report-Checksum: 30CFB97E

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
C:\Documents and Settings\Adam L. Joseph\Cookies\adam l. joseph@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Cookies\adam l. joseph@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Cookies\adam l. joseph@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Cookies\adam l. joseph@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Cookies\adam l. joseph@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Local Settings\Temp\A6A80.tmp/fash.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Adam L. Joseph\Local Settings\Temp\Cookies\adam l. joseph@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@ehg-sonycomputer.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Cookies\amber n. joseph@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\Cookies\amber n. joseph@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@ehg-wizardsofthecoast.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Cookies\julie a. joseph@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Julie A. Joseph\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Melis Cakmak\Local Settings\Temp\C2C31.tmp/mwsvm.exe -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Melis Cakmak\Local Settings\Temp\D5D2.tmp/mwsvm.exe -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Melis Cakmak\Local Settings\Temp\E8E8.tmp/mwsvm.exe -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Cookies\vere w. joseph@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\00000007.tmp/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\temp.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\upd85A.tmp/ME.dll -> Spyware.MediaPops : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP631\A0305050.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP631\A0305052.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP631\A0305054.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP631\A0305055.dll -> Spyware.MyWebSearch : Cleaned with backup


::Report End

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:29:04 AM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\interMute\SpySubtract\spysub.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Documents and Settings\Julie A. Joseph\My Documents\My Deliveries\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office mouse\1.1\moffice.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {2BF6CEC9-A099-4D97-AD5A-EAB9CAB33AAE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for : C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://intranet.gp.com/ess/includes/Script...ac.com,CT=java+
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/...uditControl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

And finally, here is BitDefender:

C:\Documents and Settings\Allan D. Gentle\Local Settings\Temp\MiniBug.exe
Detected with: Adware.Wheaterbug.A

C:\Documents and Settings\Allan D. Gentle\Local Settings\Temp\MiniBug.exe
Disinfection failed

C:\Documents and Settings\Allan D. Gentle\Local Settings\Temp\MiniBug.exe
Deleted

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\sta1.exe
Infected with: Trojan.Downloader.Swizzor.BR

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\sta1.exe
Disinfection failed

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\sta1.exe
Deleted

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe=>wise0011
Infected with: Trojan.Downloader.Tsupdate.B

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe=>wise0011
Disinfection failed

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe=>wise0011
Deleted

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe
Update failed

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe=>wise0012
Infected with: Trojan.Downloader.SW

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe=>wise0012
Disinfection failed

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe=>wise0012
Deleted

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\tsinstall_4_0_3_2.exe
Update failed

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\update_1.exe=>(NSIS o)=>zlib_nsis0001
Detected with: Adware.Statblaster.T

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\update_1.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\update_1.exe=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Documents and Settings\Amber N. Joseph\Local Settings\Temp\update_1.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\MiniBug.exe
Detected with: Adware.Wheaterbug.A

C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\MiniBug.exe
Disinfection failed

C:\Documents and Settings\Vere W. Joseph\Local Settings\Temp\MiniBug.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\0EC117FC.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Turown.B

C:\Program Files\Norton AntiVirus\Quarantine\0EC117FC.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\0EC117FC.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\229E4D63.ocx=>(Quarantine-2)
Infected with: Trojan.Downloader.PorNet.C

C:\Program Files\Norton AntiVirus\Quarantine\229E4D63.ocx=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\229E4D63.ocx=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\310C55F0.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Turown.A

C:\Program Files\Norton AntiVirus\Quarantine\310C55F0.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\310C55F0.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\31D841FF.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Downloader.Agent.EC

C:\Program Files\Norton AntiVirus\Quarantine\31D841FF.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\31D841FF.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\31D841FF.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\37C6695B.htm=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen

C:\Program Files\Norton AntiVirus\Quarantine\37C6695B.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\37C6695B.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\38483B88.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.JM

C:\Program Files\Norton AntiVirus\Quarantine\38483B88.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\388471F3.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Downloader.Agent.EC

C:\Program Files\Norton AntiVirus\Quarantine\388471F3.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\388471F3.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\388471F3.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\38AE3190.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.KU

C:\Program Files\Norton AntiVirus\Quarantine\38AE3190.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\38AE3190.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3B250772.dll=>(Quarantine-2)
Infected with: Trojan.Imiserv.C

C:\Program Files\Norton AntiVirus\Quarantine\3B250772.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3B250772.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3D0207F7.exe=>(Quarantine-2)=>(CExe r)=>(MS-Compress 5)
Infected with: Trojan.Downloader.Agent.AE

C:\Program Files\Norton AntiVirus\Quarantine\3D0207F7.exe=>(Quarantine-2)=>(CExe r)=>(MS-Compress 5)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3D0207F7.exe=>(Quarantine-2)=>(CExe r)=>(MS-Compress 5)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3D0207F7.exe=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\3D687DFE.exe=>(Quarantine-2)
Detected with: Application.Dialer.IE

C:\Program Files\Norton AntiVirus\Quarantine\3D687DFE.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3D687DFE.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F340ECA.cla=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\4F340ECA.cla=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F340ECA.cla=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F3738C7.cla=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Program Files\Norton AntiVirus\Quarantine\4F3738C7.cla=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F3738C7.cla=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F3738C7.htm=>(Quarantine-2)
Infected with: Exploit.Phel.Gen

C:\Program Files\Norton AntiVirus\Quarantine\4F3738C7.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F3738C7.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F3A62C3.cla=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\4F3A62C3.cla=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F3A62C3.cla=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F4136BC.cla=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\4F4136BC.cla=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F4136BC.cla=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\51B03784.ocx=>(Quarantine-2)
Detected with: Application.Adware.Mediatickets

C:\Program Files\Norton AntiVirus\Quarantine\51B03784.ocx=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\51B03784.ocx=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\523E3AB8.ocx=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.FI

C:\Program Files\Norton AntiVirus\Quarantine\523E3AB8.ocx=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\523E3AB8.ocx=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\53884B4D.ocx=>(Quarantine-2)
Infected with: Trojan.Downloader.PorNet.C

C:\Program Files\Norton AntiVirus\Quarantine\53884B4D.ocx=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\53884B4D.ocx=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A6B5BB8.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Downloader.Agent.EC

C:\Program Files\Norton AntiVirus\Quarantine\5A6B5BB8.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A6B5BB8.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A6B5BB8.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\5A6F05B5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Downloader.Agent.EC

C:\Program Files\Norton AntiVirus\Quarantine\5A6F05B5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A6F05B5.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0003
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A6F05B5.exe=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\5A7559AD.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Briss.A

C:\Program Files\Norton AntiVirus\Quarantine\5A7559AD.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A7559AD.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A7803AA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.FN

C:\Program Files\Norton AntiVirus\Quarantine\5A7803AA.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A7803AA.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A7F57A3.EXE=>(Quarantine-2)
Infected with: Trojan.Downloader.Turown.H

C:\Program Files\Norton AntiVirus\Quarantine\5A7F57A3.EXE=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A7F57A3.EXE=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A8C7F94.dll=>(Quarantine-2)
Detected with: Adware.Wheaterbug.A

C:\Program Files\Norton AntiVirus\Quarantine\5A8C7F94.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A8C7F94.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A8C7F94.exe=>(Quarantine-2)
Detected with: Adware.Gator.B

C:\Program Files\Norton AntiVirus\Quarantine\5A8C7F94.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A992786.exe=>(Quarantine-2)=>(CExe r)=>(MS-Compress 5)
Infected with: Trojan.Downloader.Agent.AE

C:\Program Files\Norton AntiVirus\Quarantine\5A992786.exe=>(Quarantine-2)=>(CExe r)=>(MS-Compress 5)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A992786.exe=>(Quarantine-2)=>(CExe r)=>(MS-Compress 5)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A992786.exe=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\5AB04D6D.exe=>(Quarantine-2)
Detected with: Adware.Gator.B

C:\Program Files\Norton AntiVirus\Quarantine\5AB04D6D.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5ABA4B62.exe=>(Quarantine-2)
Detected with: Application.Dialer.FA

C:\Program Files\Norton AntiVirus\Quarantine\5ABA4B62.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5ABA4B62.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5ABD755E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.PurityScan.B

C:\Program Files\Norton AntiVirus\Quarantine\5ABD755E.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5ABD755E.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5AC01F5B.exe=>(Quarantine-2)
Infected with: Trojan.Dropper.Delf.Z

C:\Program Files\Norton AntiVirus\Quarantine\5AC01F5B.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5AC01F5B.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5AC44957.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.CJ

C:\Program Files\Norton AntiVirus\Quarantine\5AC44957.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5AC44957.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E33530C.EXE=>(Quarantine-2)=>wise0008
Infected with: Trojan.Downloader.Tsupdate.B

C:\Program Files\Norton AntiVirus\Quarantine\5E33530C.EXE=>(Quarantine-2)=>wise0008
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E33530C.EXE=>(Quarantine-2)=>wise0008
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E33530C.EXE=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\5E3A2704.EXE=>(Quarantine-2)=>wise0008
Infected with: Trojan.Downloader.Tsupdate.B

C:\Program Files\Norton AntiVirus\Quarantine\5E3A2704.EXE=>(Quarantine-2)=>wise0008
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E3A2704.EXE=>(Quarantine-2)=>wise0008
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E3A2704.EXE=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\5E593E6B.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.HW

C:\Program Files\Norton AntiVirus\Quarantine\5E593E6B.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E593E6B.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E5C6867.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.HW

C:\Program Files\Norton AntiVirus\Quarantine\5E5C6867.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E5C6867.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E633C60.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.KU

C:\Program Files\Norton AntiVirus\Quarantine\5E633C60.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E633C60.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E691059.exe=>(Quarantine-2)
Infected with: Trojan.Small.CY

C:\Program Files\Norton AntiVirus\Quarantine\5E691059.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E691059.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E6C3A55.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DD

C:\Program Files\Norton AntiVirus\Quarantine\5E6C3A55.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E730E4E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.IJ

C:\Program Files\Norton AntiVirus\Quarantine\5E730E4E.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E7A6247.exe=>(Quarantine-2)
Infected with: GenPack:Trojan.Downloader.Dyfuca.EI

C:\Program Files\Norton AntiVirus\Quarantine\5E7A6247.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E7A6247.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E803640.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.JM

C:\Program Files\Norton AntiVirus\Quarantine\5E803640.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E870A39.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.GI

C:\Program Files\Norton AntiVirus\Quarantine\5E870A39.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E870A39.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E8A3435.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DT

C:\Program Files\Norton AntiVirus\Quarantine\5E8A3435.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E8A3435.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E8D5E31.dll=>(Quarantine-2)
Infected with: Trojan.Isbar.294

C:\Program Files\Norton AntiVirus\Quarantine\5E8D5E31.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E8D5E31.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP615\A0299551.exe=>(Quarantine-2)
Infected with: Trojan.Delwin.J

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP615\A0299551.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP615\A0299551.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP616\A0300595.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP616\A0300595.EXE=>wise0008
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP616\A0300595.EXE=>wise0008
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP616\A0300595.EXE
Update failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0308868.exe=>wise0038=>wise0008
Detected with: Adware.Wheaterbug.A

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0308868.exe=>wise0038=>wise0008
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0308868.exe=>wise0038=>wise0008
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP638\A0308868.exe=>wise0038
Update failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319389.exe
Infected with: Trojan.Firedaemon.C

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319389.exe
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319389.exe
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319392.exe
Infected with: Backdoor.Iroffer.N

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319392.exe
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319392.exe
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319471.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Turown.B

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319471.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319471.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319472.ocx=>(Quarantine-2)
Infected with: Trojan.Downloader.PorNet.C

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319472.ocx=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319472.ocx=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319473.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Turown.A

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319473.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319473.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319474.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.IstBar.JM

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319474.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319475.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.KU

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319475.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319475.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319476.dll=>(Quarantine-2)
Infected with: Trojan.Imiserv.C

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319476.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319476.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319477.exe=>(Quarantine-2)
Detected with: Application.Dialer.IE

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319477.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319477.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319478.ocx=>(Quarantine-2)
Detected with: Application.Adware.Mediatickets

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319478.ocx=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319478.ocx=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319479.ocx=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.FI

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319479.ocx=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319479.ocx=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319480.ocx=>(Quarantine-2)
Infected with: Trojan.Downloader.PorNet.C

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319480.ocx=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319480.ocx=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319481.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Briss.A

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319481.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319481.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319482.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Istbar.FN

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319482.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319482.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319483.EXE=>(Quarantine-2)
Infected with: Trojan.Downloader.Turown.H

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319483.EXE=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319483.EXE=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319484.dll=>(Quarantine-2)
Detected with: Adware.Wheaterbug.A

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319484.dll=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319484.dll=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319485.exe=>(Quarantine-2)
Detected with: Adware.Gator.B

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319485.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319486.exe=>(Quarantine-2)
Detected with: Adware.Gator.B

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0319486.exe=>(Quarantine-2)

#10 illukka


Posted 07 September 2005 - 04:21 PM

hi

great stuff, log appears to be clean now

many infected items in system restore, we'll handle those later



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor
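An added example, not part of the posts above and not the scanner's own tooling: a small triage of a scan log in the layout missyj pasted, grouping the repeated status lines per file and listing detected files inside System Restore points that never got a "Deleted" line. The sample log, its file names and detection names are constructed, and treating "Deleted" as the successful final action is an assumption about this log format.

```python
import re
from collections import OrderedDict

# Constructed sample in the same layout as the scan log in this thread
# (path line, then status line; blank separators left out). File names and
# detection names are made up.
SAMPLE_LOG = r"""
C:\Program Files\Norton AntiVirus\Quarantine\AAAA0001.exe=>(Quarantine-2)
Infected with: Trojan.Example.A
C:\Program Files\Norton AntiVirus\Quarantine\AAAA0001.exe=>(Quarantine-2)
Deleted
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe=>wise0001
Detected with: Adware.Example.B
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe=>wise0001
Disinfection failed
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe
Infected with: Backdoor.Example.C
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe
Deleted
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESTORE_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")
DETECT_RE = re.compile(r"^(?:Infected|Detected) with: (.+)$")

def triage(log_text):
    """Group status lines by outer file (text before the first '=>')."""
    items, rec = OrderedDict(), None
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if PATH_RE.match(line):
            key = line.split("=>", 1)[0]
            rp = RESTORE_RE.search(key)
            rec = items.setdefault(key, {"detections": [], "actions": [],
                                         "restore_point": rp.group(1) if rp else None})
        elif rec is not None:
            m = DETECT_RE.match(line)
            rec["detections" if m else "actions"].append(m.group(1) if m else line)
    return items

def remaining_in_restore(items):
    """Detected files inside restore points with no 'Deleted' action logged."""
    return [p for p, r in items.items() if r["restore_point"]
            and r["detections"] and "Deleted" not in r["actions"]]

if __name__ == "__main__":
    for path in remaining_in_restore(triage(SAMPLE_LOG)):
        print("still in a restore point:", path)
```

A path line with no status after it, like the cut-off last record in the pasted log, is tolerated and simply adds nothing to that file's record.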

#11 missyj


Posted 08 September 2005 - 02:00 PM

Thanks sooo much for the help!! I have done as you suggested so hopefully I won't have this problem again. You have been GREAT! :thumbsup:

#12 illukka


Posted 09 September 2005 - 03:20 PM

cheers
glad we could help you !

as the issue here is resolved i'll lock this topic now.
contact the staff to get it reopened if you need continued support
everyone else with similar problems start a new topic