
Infected With Toolbar888, Smitfraud, Trojan Vs Add-in And More


39 replies to this topic

#1 robprops

robprops

  • Members
  • 36 posts
  • OFFLINE
  • Local time:01:48 PM

Posted 05 November 2006 - 01:18 PM

Hello,
I have been infected for some time now, and the problem is worsening. I have run spybot and adaware many times, but viruses/malware keep coming back. Bit Defender stops at 84% and quits. Norton anti virus is detecting VS Add-In and VS Add-ini.dll, and others. Smitfraud is new this weekend, as well as Toolbar 888. I first noticed VSToolbar and searched for fixes and got on to your website about 2 weeks ago, and have been trying to eradicate these myself. I am new to this format, but looking forward to learning how to fix and protect my system!
Thanks in advance for your help.
robprops
Logfile of HijackThis v1.99.1
Scan saved at 10:01:05 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121139678593
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9BA4E076-A552-4DEA-940E-7300E675FF92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:48 PM

Posted 05 November 2006 - 06:10 PM

Hello and welcome. :thumbsup:

I see two antivirus programs running at the same time, BitDefender and Symantec's Norton. That's a problem. They will conflict with each other and render the computer vulnerable. Please decide on one of them and uninstall/remove the other via Add/Remove Programs in Control Panel.

======================================

Logitech Desktop Messenger uses "BackWeb" proactive technology to retrieve information about your Logitech devices by downloading content in the background during network idle time. Even though they claim not to upload any other information to their servers or any other internet servers, it's still spying in my book. So, if you want to remove this feature, simply remove "Logitech Desktop Messenger" from Add/Remove programs in the control panel while you are there.

======================================

Disable Norton's Script Blocking so that it will not interfere with the fixes.
  • Start Norton Antivirus.
  • Click Options.
  • If a menu appears when you click Options, then click Norton Antivirus.
  • The Norton Antivirus Options dialog box appears.
  • Click Script Blocking.
  • Uncheck Enable Script Blocking (recommended).
  • Click OK.
You can re-enable it afterwards when everything is clean again.

======================================

Scan with HijackThis and put a checkmark against the following entries:

R3 - Default URLSearchHook is missing
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll

Close all other browsers, applications and windows, except HijackThis, and click on fix checked. Exit HijackThis.

=====================================

Restart your computer. Scan with HijackThis again and post the fresh HijackThis log please.
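As an added example (not code from this thread, from HijackThis or from BleepingComputer), the following Python script parses entry lines in the HijackThis v1.99.1 format and applies the kind of checks the selection above reflects: entries whose target file is missing, the absent default URLSearchHook, Trusted Zone additions, and O16 ActiveX downloads from hosts outside an allow-list. It also diffs the first log against the fresh one to show which entries the fix removed; the log excerpts and the allow-list are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed excerpts in HijackThis v1.99.1 format, modelled on the logs posted in this thread.
# LOG_BEFORE stands for the state in post #1; LOG_AFTER for the fresh log requested afterwards.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Every HijackThis entry line starts with a section code (R0-R3, F0-F3, O1-O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")

# Hosts from which ActiveX downloads (O16 DPF) are expected on this machine.
# Constructed allow-list for the example; maintain it per environment.
DPF_EXPECTED_HOSTS = {"microsoft.com", "msn.com", "symantec.com"}


def parse_log(text):
    """Return [(section, body)] for every entry line; process lists and headers are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def _host_is_expected(url):
    host = urlparse(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in DPF_EXPECTED_HOSTS)


def triage(text):
    """Map each entry that deserves a second look to the reason it was flagged."""
    flagged = {}
    for section, body in parse_log(text):
        line = f"{section} - {body}"
        if section == "R3" and "is missing" in body:
            flagged[line] = "default URLSearchHook absent"
        elif body.endswith("(file missing)"):
            flagged[line] = "orphaned entry: target file no longer exists"
        elif section == "O15":
            flagged[line] = "site added to the IE Trusted Zone (relaxed security settings)"
        elif section == "O16":
            # The download URL is the last " - " separated field of a DPF entry.
            url = body.rsplit(" - ", 1)[-1]
            if not _host_is_expected(url):
                flagged[line] = f"ActiveX download from unlisted host {urlparse(url).hostname}"
    return flagged


def removed_entries(before, after):
    """Entries present in the earlier log but gone from the fresh one: what the fix actually changed."""
    after_set = {f"{s} - {b}" for s, b in parse_log(after)}
    return [f"{s} - {b}" for s, b in parse_log(before) if f"{s} - {b}" not in after_set]


if __name__ == "__main__":
    for line, why in triage(LOG_BEFORE).items():
        print(f"[review] {why}\n         {line}")
    print("\nRemoved between logs:")
    for line in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("  " + line)
```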

#3 robprops

robprops
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:01:48 PM

Posted 05 November 2006 - 08:04 PM

Thanks for the help so far. I have followed your instructions, however I did not reboot into safe mode to run HijackThis. Is this a problem? Here is the next log...
robprops

Logfile of HijackThis v1.99.1
Scan saved at 4:56:56 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121139678593
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:04:48 PM

Posted 05 November 2006 - 08:44 PM

Hi,

however I did not reboot into safe mode to run hijack this. Is this a problem? Here is the next log...
robprops

No problem at all. I didn't ask you to do that anyway. However the following entry is still present. Please fix it with HijackThis. Make sure that Norton Script Blocking service is disabled again.

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll


==============================================

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not run it yet.

===============================================

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Do not scan with it yet.

====================================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=====================================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user.

=======================================================

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

======================================================

You have an older, therefore vulnerable, version of Java. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "Java Runtime Environment (JRE) 5.0 Update 9
    The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
======================================================

Perform an online scan with Internet Explorer with Panda ActiveScan (http://www.pandasoftware.com/products/activescan.htm)
  • Click on [image] located at the bottom of the page.
  • A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  • Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
    Begin the scan by selecting [image]
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on [image] then click [image]
=======================================================
Post back the results from AVG AntiSpyware, Panda Online scan and a fresh HijackThis log please. Also let me know how the computer is running now. Thanks.
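The check the helper does by eye above (is the O16 CR64Loader entry still in the new log, and which entries point at a file that no longer exists?) can be done mechanically when logs are compared between rounds. The script below is an added example for this thread, not HijackThis's own code and not anything posted by amateur or robprops. It parses HijackThis v1.99-style entry lines, diffs two logs to show what disappeared and what appeared, and flags O16 DPF (ActiveX download) entries whose host is outside an allow-list together with entries marked "(file missing)". The two sample logs are constructed from a handful of lines quoted in this thread rather than the full logs, and the allow-list of DPF hosts is an assumption chosen for illustration; a flagged entry only means "look at this by hand", not "malicious".

```python
"""Compare two HijackThis logs and flag entries worth a manual look.

Added example for this thread; not HijackThis's own code. Assumes HijackThis
v1.99 line formats such as "O16 - DPF: {CLSID} (Name) - URL" and the
"(file missing)" suffix. TRUSTED_DPF_HOSTS is a constructed allow-list.
"""
import re
from urllib.parse import urlparse

# An entry line: section code (R0, R1, O3, O4, O16, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# O16 body: "DPF: {CLSID} (optional friendly name) - download URL"
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")

# Hosts whose ActiveX downloads are not flagged. Assumption for this example only.
TRUSTED_DPF_HOSTS = {
    "messenger.zone.msn.com",
    "go.microsoft.com",
    "update.microsoft.com",
    "www.symantec.com",
}

# Constructed sample logs: a subset of lines quoted in the thread's first and second scans.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:01:05 AM, on 11/5/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:28:08 AM, on 11/6/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
"""


def parse_log(text):
    """Return the HijackThis entry lines; the header and process list are skipped."""
    return [ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())]


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a), sorted(a - b)


def flag_entries(text, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Return (reason, line) pairs for dangling '(file missing)' references and
    O16 ActiveX downloads whose host is not on the allow-list."""
    flagged = []
    for line in parse_log(text):
        sec, body = ENTRY_RE.match(line).group("sec", "body")
        if line.endswith("(file missing)"):
            flagged.append(("file missing", line))
        if sec == "O16":
            m = DPF_RE.match(body)
            host = urlparse(m.group("url")).hostname if m else None
            if host not in trusted_hosts:
                flagged.append((f"O16 DPF from unlisted host: {host}", line))
    return flagged


def section_counts(text):
    """How many entries each section (O3, O4, O16, ...) contributes."""
    counts = {}
    for line in parse_log(text):
        sec = ENTRY_RE.match(line).group("sec")
        counts[sec] = counts.get(sec, 0) + 1
    return counts


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since previous scan:")
    for ln in removed:
        print("  -", ln)
    print("New since previous scan:")
    for ln in added:
        print("  +", ln)
    print("Needs a manual look in the latest scan:")
    for reason, ln in flag_entries(LOG_AFTER):
        print(f"  [{reason}] {ln}")
```

Run as-is it reports the CR64Loader O16 entry as removed, the Java updater, the Panda ActiveScan control and the AVG guard service as new, and leaves the two "(file missing)" toolbar and Yahoo entries plus the unlisted pandasoftware.com download for review. The allow-list is the part to tune: anything a scan legitimately installs (as Panda's ActiveX control did here) would be added to it once verified, so that the report narrows to what actually changed.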

#5 robprops

robprops
  • Topic Starter

  • Members
  • 36 posts
  • Local time:01:48 PM

Posted 06 November 2006 - 02:04 AM

Hi amateur,
sorry for the delay. We had a dinner party, and now it is too late to continue. I am running the AVG scan, but am having trouble with the safe mode screen. I can only see part of the application screen because the font size is too big in safe mode. Do I change this in control panel? (I think this may be a really dumb question, but I am stumped.) I am going to have to continue this fix tomorrow evening as I will be at work early. Thanks for the help so far, I feel that you are on the trail of the malware. I am going to let the scan continue tonight, and try to do a bit before I go to work.
Thanks again for the help.
robprops

#6 robprops

robprops
  • Topic Starter

  • Members
  • 36 posts
  • Local time:01:48 PM

Posted 06 November 2006 - 05:35 AM

Back again...
the computer is running much better. Norton is giving me the warning that VS Add-In and VS Add-in.dll are present and it can't fix them.
Here are the logs
Panda will follow when it's finished.
Thanks for your patience.
robprops

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:46:07 AM 11/6/2006

+ Scan result:



C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned.
C:\Program Files\minicliptoolbar toolbar\BarMan.exe -> Adware.MegaSearch : Cleaned.
C:\Program Files\minicliptoolbar toolbar\minicliptoolbar.dll -> Adware.MegaSearch : Cleaned.
C:\Downloads\LemonadeTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned.
C:\Program Files\Qualcomm\Eudora\Eudora52+patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Haley\Cookies\haley@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned.
C:\Documents and Settings\Jesse\Cookies\jesse@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\Jesse\Cookies\jesse@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:28:08 AM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121139678593
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#7 robprops

robprops
  • Topic Starter

  • Members
  • 36 posts
  • Local time:01:48 PM

Posted 06 November 2006 - 08:53 AM

Hello,
here's the Panda log, and a fresh HijackThis log.
Thanks.
robprops


Incident Status Location

Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
Adware:adware/topconvert Not disinfected c:\windows\downloaded program files\loader2.ocx
Virus:vbs/psyme.gen Not disinfected Operating system
Dialer:dialer.b Not disinfected c:\windows\tmlpcert2005
Adware:adware/mediatickets Not disinfected Windows Registry
Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Adware:adware/navipromo Not disinfected Windows Registry
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Hannah\Cookies\hannah@cgi-bin[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Hannah\Cookies\hannah@fe.lea.lycos[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jesse\Cookies\jesse@cgi-bin[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jesse\Cookies\jesse@www.systemdoctor[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Joel\Cookies\joel@ads.gorillanation[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Lisa\Cookies\lisa@winantivirus[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Lisa\Cookies\lisa@www.systemdoctor[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Rob\Desktop\SmitfraudFix\SmitfraudFix\swsc.exe
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\sam\Cookies\sam@ads.gorillanation[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sam\Cookies\sam@atwola[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\sam\Cookies\sam@winantivirus[2].txt
Hacktool:HackTool/Scansql.A Not disinfected C:\poolbot\webserver\poolbot.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe
Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
Spyware:Cookie/888 Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Documents and Settings/Rob/Cookies/rob@888[1].txt]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Documents and Settings/Rob/Cookies/rob@ad.yieldmanager[1].txt]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Documents and Settings/Rob/Cookies/rob@ad.yieldmanager[3].txt]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Documents and Settings/Rob/Cookies/rob@ad.yieldmanager[4].txt]
Spyware:Cookie/Clickbank Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Documents and Settings/Rob/Cookies/rob@clickbank[1].txt]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Documents and Settings/Rob/Cookies/rob@statcounter[1].txt]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/a.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/b.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ba.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bb.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bc.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bd.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/be.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bf.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bg.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bh.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bi.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bj.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bk.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bl.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bm.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bn.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bo.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bp.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bq.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/br.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bs.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bt.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bu.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bv.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bw.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bx.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/by.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bz.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/c.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ca.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cb.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cc.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cd.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ce.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cf.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cg.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ch.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ci.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cj.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ck.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cl.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cm.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cn.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/co.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cp.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cq.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cr.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cs.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ct.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cu.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cv.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cx.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/cz.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/d.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/da.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/db.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dc.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dd.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/de.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/df.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/di.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dl.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dm.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dn.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dp.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dr.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ds.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dt.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/du.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dv.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dw.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dx.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dy.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/dz.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/ed.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/f.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/h.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/i.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/j.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/l.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/m.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/n.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/p.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/q.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/r.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/s.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/t.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/u.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/w.class]
Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/x.class]
Adware:Adware/MoeMoney Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/y.class]
Dialer:Dialer.B Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724124453.zip[WINDOWS/system32/egdial.dll]
Dialer:Dialer.B Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724124453.zip[WINDOWS/downloaded program files/ia.inf]
Adware:Adware/MediaTickets Not disinfected C:\Program Files\PestPatrol\Quarantine\20060806192047.zip[WINDOWS/Downloaded Program Files/MediaTicketsInstaller.INF]
Virus:Bck/TclockBased.A Disinfected C:\Program Files\PestPatrol\Quarantine\20060806192047.zip[Program Files/TClock/tclock_install.exe]
Adware:Adware/PurityScan Not disinfected C:\Program Files\PestPatrol\Quarantine\20061008174219.zip[Program Files/cowabanga/uninstaller.exe]
Virus:Bck/TclockBased.A Disinfected C:\Program Files\TClock\tclock.exe
Virus:Trj/Qhost.B Disinfected C:\WINDOWS\hosts
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup
Virus:Trj/Qhost.B Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20031014-222146.backup
Logfile of HijackThis v1.99.1
Scan saved at 5:49:30 AM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121139678593
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX
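The Panda report in this post mixes hits that are already contained (inside the PestPatrol quarantine archives or the Recycle Bin) with hits still live on disk or in the registry, and that distinction is what the cleanup steps in this thread turn on. As an added example, not code from the thread or from Panda, here is a small Python triage script for that report format; the sample lines are copied from the reports posted in this thread, and the scope labels are this example's own.

```python
"""Triage a Panda ActiveScan report of the kind posted in this thread.

Added example, not the thread's or Panda's own code. Each incident line is
'<Category>:<Name> <Status> <Location>', where Status is 'Disinfected' or
'Not disinfected' and Location may be '<archive>[<member>]' when the hit
sits inside a zip/chm. The scope labels below are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>Disinfected|Not disinfected)\s+(?P<location>.+)$"
)
# A hit inside an archive: '<container>[<member>]' (member may itself contain '[1]')
ARCHIVE_RE = re.compile(
    r"^(?P<container>.+?\.(?:zip|chm|cab|rar))\[(?P<member>.+)\]$", re.IGNORECASE
)


@dataclass
class Incident:
    category: str
    name: str
    status: str
    location: str
    container: Optional[str] = None
    member: Optional[str] = None

    @property
    def scope(self) -> str:
        """Where the detection actually lives; this decides the response."""
        if self.status == "Disinfected":
            return "cleaned"
        loc = self.location.lower()
        if loc == "operating system":
            return "generic"        # no path given, needs a second scanner's opinion
        if loc == "windows registry" or loc.startswith("hkey_"):
            return "registry"
        path = (self.container or self.location).lower()
        if "\\pestpatrol\\quarantine\\" in path:
            return "quarantined"    # already contained by another tool
        if "\\recycler\\" in path:
            return "recycle-bin"    # already deleted; emptying the bin finishes it
        if self.name.lower().startswith("cookie/"):
            return "cookie"
        return "live-file"


def parse_report(text: str) -> List[Incident]:
    incidents = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                # header 'Incident Status Location' and blanks
        location = m.group("location").strip()
        a = ARCHIVE_RE.match(location)
        incidents.append(Incident(
            m.group("category"), m.group("name"), m.group("status"), location,
            a.group("container") if a else None, a.group("member") if a else None,
        ))
    return incidents


def summarize(incidents: List[Incident]) -> Counter:
    return Counter(i.scope for i in incidents)


def action_items(incidents: List[Incident]) -> List[Incident]:
    """Hits that still need a hands-on decision: live files, registry, generic."""
    return [i for i in incidents if i.scope in ("live-file", "registry", "generic")]


# Sample lines copied from the reports in this thread (the Help.chm hit is the EICAR test string)
SAMPLE_REPORT = r"""Incident Status Location

Adware:Adware/TopMoxie Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724123745.zip[Program Files/limeshop/System/Code/bd.class]
Dialer:Dialer.B Not disinfected C:\Program Files\PestPatrol\Quarantine\20060724124453.zip[WINDOWS/system32/egdial.dll]
Virus:Bck/TclockBased.A Disinfected C:\Program Files\TClock\tclock.exe
Virus:Trj/Qhost.B Disinfected C:\WINDOWS\hosts
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\truhdxhy.dll
Virus:vbs/psyme.gen Not disinfected Operating system
Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Hannah\Cookies\hannah@cgi-bin[2].txt
Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@888[1].txt]
Hacktool:HackTool/Scansql.A Not disinfected C:\poolbot\webserver\poolbot.exe
Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for scope, n in sorted(summarize(found).items()):
        print(f"{scope:12} {n}")
    for inc in action_items(found):
        print("ACT:", inc.name, "->", inc.location)
```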

#8 amateur

    Malware Fighter
  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 06 November 2006 - 01:22 PM

Hi robprops,

We are getting there. Just a little more clean up to do. Please print these instructions so that you'll have access to them later in Safe Mode. Please read them carefully and follow them in the order they are presented. Make sure that Norton script blocking is disabled.

Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware SE is 1.06 and Spybot 1.4. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

=================================================

Make sure that you can see hidden files:
* Click Start
* Open My Computer
* Select the Tools menu and click Folder Options
* Select the View Tab
* Under the Hidden files and folders heading select Show hidden files and folders
* Uncheck the Hide protected operating system files (recommended) option
* Click Yes to confirm
* Click OK
** These files are hidden to stop you accidentally removing something important. It is advisable to hide them again after fixing your computer. **

================================================

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Look in here for more information.

================================================

Go to Start>Control Panel>Add/Remove Programs and uninstall/remove ipwins, if found.

================================================

Go to start > run and type: regsvr32 /u occache.dll
(note the single space between regsvr32 and /, or copy and paste this into the field in start > run)
Click OK

==================================================
Using Windows Explorer, navigate to locate and delete the following files and folders, if found:

c:\windows\system32\stlb2.xml

c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf

c:\windows\downloaded program files\loader2.ocx

c:\windows\tmlpcert2005
C:\poolbot\webserver\poolbot.exe

C:\Program Files\ipwins
C:\Documents and Settings\Rob\Desktop\SmitfraudFix

Delete the contents of the following folder, but not the folder itself:

C:\Program Files\PestPatrol\Quarantine

===================================================

Go to start > run and type regsvr32 occache.dll
Click OK

===================================================

Copy and paste the contents of the following text inside the code box into Notepad (Notepad, not WordPad, otherwise it won't work).

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\classes\appid\CheckProduct2_1.DLL]


* Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
* Click File at the top and then choose Save As.
* Change Save As Type to All Files.
* Name it FixME.reg and save it on your desktop.
* Double click FixME.reg. It will ask you if you want to merge it into the registry, click Yes.

=====================================================

Have the following entry fixed with HijackThis:

O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)

=====================================

Run Panda again and post back the results along with a fresh HijackThis log please.
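The O3 line above carries "(file missing)", i.e. a toolbar registration whose DLL is gone. As an added example, not code from the thread or from HijackThis, here is a Python parser for the HijackThis 1.99 log format posted in this thread that pulls out each entry's section, CLSID, file path or URL and lists such orphaned entries; the sample lines are copied from the log posted earlier in this thread.

```python
"""Triage a HijackThis 1.99 log of the kind posted in this thread.

Added example, not HijackThis's own code. Entry lines look like
'O3 - Toolbar: <name> - {CLSID} - <path>'; the prefix (R0, O3, O4, O16,
O23, ...) says which browser or system hook the entry represents.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A quoted path, or an unquoted drive-letter path ending in a binary extension
PATH_RE = re.compile(
    r'"([^"]+)"|([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|cpl|scr))(?=\s|$)', re.IGNORECASE
)
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    url: Optional[str]
    file_missing: bool


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue        # log header, 'Running processes' list, blank lines
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        url = URL_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            path=(path.group(1) or path.group(2)) if path else None,
            url=url.group(0) if url else None,
            file_missing="(file missing)" in body,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registrations whose file is gone: dead hooks that only clutter the log."""
    return [e for e in entries if e.file_missing]


def by_clsid(entries: List[Entry], clsid: str) -> List[Entry]:
    return [e for e in entries if e.clsid == clsid.upper()]


def section_counts(entries: List[Entry]) -> Counter:
    return Counter(e.section for e in entries)


# Sample lines copied from the HijackThis log posted in this thread
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
"""

if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(found)))
    for e in orphaned(found):
        print("orphaned:", e.section, e.clsid, e.path)
```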

#9 robprops
  • Topic Starter
  • Members
  • 36 posts

Posted 06 November 2006 - 01:54 PM

Thanks Amateur,
I won't be able to get to the infected computer for a while. I can't wait to follow your last set of instructions!!
Last time in safe mode I couldn't see the entire screen because of the font size(?). Do you know how to change the settings for safe mode, so that the entire application screen is visible, or how to scroll the screens?
Many thanks...
robprops

#10 amateur

    Malware Fighter
  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 06 November 2006 - 02:38 PM

Last time in safe mode I couldn't see the entire screen because of the font size(?). Do you know how to change the settings for safe mode, so that the entire application screen is visible, or how to scroll the screens?

Yes, that's a problem. The easiest way to see what's on the desktop is to use Windows Explorer (right click on Start, click on Explore). Navigate to Desktop and click on it. It will show you the list of everything on your desktop. Once you open any of the applications, you can use the title bar to move the window around and resize it, either using the "maximize" button in the top right corner of the page, or using your cursor to resize the window from the sides of the frame. I hope these suggestions work. :thumbsup:

#11 robprops
  • Topic Starter
  • Members
  • 36 posts

Posted 07 November 2006 - 02:13 AM

Hello Amateur,
after what seems like an eternity I have been able to get back to the computer and follow your instructions. The computer seems to be better than it was, but I am getting messages from NAV about the trojan VSAdd-In and its close cousin. Also Winantivirus keeps hijacking the browser. I feel that you have an answer for these problems as well, so here are the Panda and HJT logs. I should add that while I am away, other family members are using this computer. Will this adversely affect your 'treatment'? Also, previously in safe mode I did not have the start menu, but when I rebooted with safe mode with networking I get the start menu. This allowed me to navigate within the applications much more easily, and to get to the 'hard to reach' part of the screens!
Thanks for the help.
robprops

Panda

Incident Status Location

Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\truhdxhy.dll
Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml
Virus:vbs/psyme.gen Not disinfected Operating system
Adware:adware/mediatickets Not disinfected Windows Registry
Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Adware:adware/navipromo Not disinfected Windows Registry
Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Hannah\Cookies\hannah@cgi-bin[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Hannah\Cookies\hannah@fe.lea.lycos[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jesse\Cookies\jesse@cgi-bin[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Jesse\Cookies\jesse@www.systemdoctor[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Joel\Cookies\joel@ads.gorillanation[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Lisa\Cookies\lisa@winantivirus[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Lisa\Cookies\lisa@www.systemdoctor[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Rob\Cookies\rob@stats1.reliablestats[2].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\sam\Cookies\sam@ads.gorillanation[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sam\Cookies\sam@atwola[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\sam\Cookies\sam@winantivirus[2].txt
Hacktool:HackTool/Scansql.A Not disinfected C:\poolbot\webserver\poolbot.exe
Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@888[1].txt]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@ad.yieldmanager[1].txt]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@ad.yieldmanager[3].txt]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@ad.yieldmanager[4].txt]
Spyware:Cookie/Clickbank Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@clickbank[1].txt]
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Documents and Settings/Rob/Cookies/rob@statcounter[1].txt]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/a.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/b.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ba.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bb.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bc.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bd.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/be.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bf.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bg.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bh.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bi.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bj.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bk.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bl.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bm.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bn.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bo.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bp.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bq.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/br.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bs.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bt.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bu.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bv.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bw.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bx.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/by.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/bz.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/c.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ca.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cb.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cc.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cd.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ce.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cf.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cg.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ch.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ci.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cj.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ck.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cl.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cm.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cn.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/co.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cp.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cq.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cr.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cs.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ct.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cu.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cv.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cx.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/cz.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/d.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/da.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/db.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dc.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dd.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/de.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/df.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/di.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dl.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dm.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dn.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dp.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dr.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ds.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dt.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/du.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dv.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dw.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dx.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dy.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/dz.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/ed.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/f.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/h.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/i.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/j.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/l.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/m.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/n.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/p.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/q.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/r.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/s.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/t.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/u.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/w.class]
Adware:Adware/TopMoxie Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/x.class]
Adware:Adware/MoeMoney Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc10.zip[Program Files/limeshop/System/Code/y.class]
Dialer:Dialer.B Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc11.zip[WINDOWS/system32/egdial.dll]
Dialer:Dialer.B Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc11.zip[WINDOWS/downloaded program files/ia.inf]
Adware:Adware/MediaTickets Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc13.zip[WINDOWS/Downloaded Program Files/MediaTicketsInstaller.INF]
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc21.zip[Program Files/cowabanga/uninstaller.exe]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc5.inf
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc8\Uninst.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc9\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-1844237615-1957994488-839522115-1003\Dc9\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\asjaapcs.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\bpsbvkkm.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\bvsaudmr.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\caotasdx.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\chtyfiai.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\dhwifldl.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\efmetsch.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\fgahgcul.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\flgtttlg.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\gddrofvk.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ipqnocem.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\iwyoguxc.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\jafwrtcx.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\jnmwkiyf.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\jyuehqpq.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\kjmmhvwj.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\osceappk.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\piyarwue.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\pnddvwlr.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\qengmihi.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\qsgxypkr.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\rhtjnufq.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\svccanck.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\uiaubrro.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\vuaocopy.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ypwrkrij.exe



Logfile of HijackThis v1.99.1
Scan saved at 10:58:16 PM, on 11/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008&#

#12 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 07 November 2006 - 06:19 AM

Hi,
The HijackThis log seems to be cut off; can you please repost it? Also, please keep this computer off the internet until it's clean, so that it will not pick up new stuff. As for Safe Mode with Networking, it's not a safe method to use, as you'll be connected to the internet without any protection. Most of your security applications will not be available in Safe Mode. In the meantime I'll go through the Panda log, and as soon as I get the fresh HJT log I'll be able to post you the new set of instructions. Thanks.

#13 robprops

robprops
  • Topic Starter

  • Members
  • 36 posts

Posted 07 November 2006 - 10:52 AM

Hi Amateur,
I will repost the HJT log as soon as possible. I disconnected my network cable, then I rebooted in Safe Mode with Networking, which should prevent any contact with the internet? I don't get the Start menu in regular Safe Mode otherwise. However, if this is not OK, I will figure out how to follow your instructions using the Task Manager (I am not very well versed in this method!).
Thanks for the help.
robprops

#14 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 07 November 2006 - 11:01 AM

I disconnected my network cable, then I rebooted in Safe mode with networking, which should prevent any contact with the internet?

That's good. :thumbsup: Waiting for the log.

#15 robprops

robprops
  • Topic Starter

  • Members
  • 36 posts

Posted 07 November 2006 - 02:59 PM

Hi Amateur,
Here's the HJT log. I hope it's complete.
Thanks,
robprops

Logfile of HijackThis v1.99.1
Scan saved at 11:53:15 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121139678593
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.16/ttinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Rob\Desktop\avg anti spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
