Suspicious Message On Avast



#1 bigvern4

Posted 28 November 2006 - 05:09 AM

Hi, my name is Steve from Scotland,

I'm running XP SP2 and now I get these Avast warning messages coming up, 20 max. Could somebody please help me with the HJ log? Any input greatly appreciated.



Logfile of HijackThis v1.99.1
Scan saved at 09:55:10, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150211377437
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


#2 rookie147

Posted 28 November 2006 - 11:21 AM

Hello Steve, and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147

Posted 28 November 2006 - 11:54 AM

Hey bigvern4, sorry for the delay in getting back to you.

======

I'm afraid I have some bad news concerning your computer: one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

======

If you want to try and fix your computer, please follow my next steps:

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet).

======

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 5.0 Update 9). Please update and remove the older versions. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have this icon next to it: Posted Image
Select it and click Remove.
Then download and install the newest version from here:
Java Runtime Environment (JRE) 5.0 Update 9

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Please set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

======

Next, please find and delete the following file (if present):

C:\WINDOWS\system\smss.exe <--Make sure you delete this file!

======

Reboot into Normal Mode again.

======

Open HijackThis
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

======

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop, so you can post this log in your next reply.

======

Please post me back the following (you may need more than one reply to get that all in!):
- New HijackThis log
- Panda report
- Uninstall list

Thanks,
Charles


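The Run entry singled out in post #3, `[.nvsvc] C:\WINDOWS\system\smss.exe /w`, carries the file name of a core Windows process but sits in a different directory from the `C:\WINDOWS\System32\smss.exe` listed under running processes. The following Python is an added example, not part of the thread and not a HijackThis or BleepingComputer tool: it parses the running-process and O4 Run lines of a HijackThis log and flags that kind of mismatch. The `EXPECTED_DIR` table and every function name are assumptions made for the example; the sample lines are copied from the log in post #1.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Where core Windows XP binaries normally live. This table is general Windows
# knowledge added for the example; it is not taken from the thread.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 Run-key line:  O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# A line in the "Running processes:" section is a bare drive-letter path.
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+$")
# Unquoted commands may contain spaces, so cut at the first executable suffix.
EXE_PREFIX = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.IGNORECASE)


class Finding(NamedTuple):
    source: str    # "process", or hive and key such as "HKLM Run"
    label: str     # Run value name ("" for a running process)
    path: str      # executable path exactly as written in the log
    expected: str  # directory where that file name normally lives


def executable_of(command: str) -> str:
    """Strip arguments from a Run-key command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_PREFIX.match(command)
    return match.group(1) if match else command


def misplaced(path: str) -> Optional[str]:
    """Return the expected directory when `path` reuses a core system file
    name from some other directory; otherwise return None."""
    folder = ntpath.dirname(path)
    expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
    if expected is None or not folder:
        return None  # not a tracked name, or no directory to judge
    actual = ntpath.normcase(ntpath.normpath(folder))
    return expected if actual != expected else None


def triage(log_text: str) -> List[Finding]:
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if PROCESS_LINE.match(line):
                expected = misplaced(line)
                if expected:
                    findings.append(Finding("process", "", line, expected))
                continue
            in_processes = False  # blank or non-path line ends the section
        match = O4_RUN.match(line)
        if match:
            hive, key, label, command = match.groups()
            path = executable_of(command)
            expected = misplaced(path)
            if expected:
                findings.append(Finding(f"{hive} {key}", label, path, expected))
    return findings


# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source} [{f.label}] {f.path} (expected under {f.expected})")
```

A name-and-directory check like this only narrows down what to look at; it says nothing about files that use an unfamiliar name, so it complements rather than replaces the scans requested in the post.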

#4 bigvern4

Posted 28 November 2006 - 01:12 PM

Thanks for your speedy reply. I'll work on cleaning, and then removing critical data from my machine. I'll be in touch. Once again, thank you.

#5 rookie147

Posted 28 November 2006 - 01:17 PM

Good luck, and I look forward to hearing from you soon.


#6 bigvern4

Posted 28 November 2006 - 03:02 PM

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:55:10, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150211377437
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

And here is the Panda report:


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt[server.iad.liveperson.net/hc/68944346]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ann\Cookies\ann@112.2o7[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\ann\Cookies\ann@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ann\Cookies\ann@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\ann\Cookies\ann@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ann\Cookies\ann@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\ann\Cookies\ann@adviva[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\ann\Cookies\ann@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ann\Cookies\ann@atdmt[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\ann\Cookies\ann@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\ann\Cookies\ann@bluestreak[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\ann\Cookies\ann@c.goclick[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ann\Cookies\ann@casalemedia[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\ann\Cookies\ann@clickbank[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\ann\Cookies\ann@counter.hitslink[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ann\Cookies\ann@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ann\Cookies\ann@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ann\Cookies\ann@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ann\Cookies\ann@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ann\Cookies\ann@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\ann\Cookies\ann@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ann\Cookies\ann@questionmarket[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ann\Cookies\ann@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ann\Cookies\ann@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\ann\Cookies\ann@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ann\Cookies\ann@statse.webtrendslive[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\ann\Cookies\ann@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\ann\Cookies\ann@tradedoubler[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\ann\Cookies\ann@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\ann\Cookies\ann@xmts[2].txt
Possible Virus. Not disinfected C:\Documents and Settings\ann\Local Settings\Temp\9exssd32.p.exe
Possible Virus. Not disinfected C:\Documents and Settings\ann\Local Settings\Tempsetup.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.com.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\sam\Cookies\sam@adrevolver[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sam\Cookies\sam@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sam\Cookies\sam@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\sam\Cookies\sam@media.adrevolver[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sam\Cookies\sam@mediaplex[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.adtech.de/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.go.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.revenue.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.tucows.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[server.iad.liveperson.net/hc/50387788]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\9bre5b5g.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\steph\Cookies\steph@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\steph\Cookies\steph@2o7[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\steph\Cookies\steph@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\steph\Cookies\steph@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\steph\Cookies\steph@adtech[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\steph\Cookies\steph@int.sitestat[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\steph\Cookies\steph@int.sitestat[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\steph\Cookies\steph@questionmarket[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\steph\Cookies\steph@revenue[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\steph\Cookies\steph@serving-sys[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\steph\Cookies\steph@stats1.reliablestats[1].txt
Virus:Trj/Clagge.B Disinfected Archive Folders\Sent Items\RE: RE Q510 - Thank you for your email to PayPal (KMM59695971V94898L0KM) :kf2\TT-022-421-683.zip[TT-022-421-683.exe]
Possible Virus. Not disinfected C:\Documents and Settings\steph\Local Settings\Tempsetup.exe


and finally uninstall list

µTorrent
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Alcohol 120% (Trial Version)
Apple Software Update
ArcSoft PhotoImpression
avast! Antivirus
AVG Anti-Spyware 7.5
Aztech CNR2900 V.90 Modem
BitComet 0.70
BitTorrent 5.0.0
blueyonder Instant Support Tool
Craxtion4
Disc2Phone
eMule
EPSON Printer Software
EPSON Scan
ESCX5400 Reference Guide
Google Earth
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
iPod for Windows 2006-06-28
iTunes
iTunes Art Importer
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Logitech QuickCam Software
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
Mozilla Firefox (1.5.0.8)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero 7 Demo
QuickTime
RealPlayer
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 2.0
Sonic MyDVD
Sonic RecordNow!
Sony Ericsson PC Suite 1.20.173
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy 1.4
UniChrome Series Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for

#7 rookie147

Posted 28 November 2006 - 03:10 PM

The end of the uninstall list got cut off, can you repost it for me?
EDIT: you also pasted the same HijackThis log as before, can you run a new scan for me?

Edited by rookie147, 28 November 2006 - 03:12 PM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#8 bigvern4

Posted 28 November 2006 - 03:18 PM

hi
hijack this

Logfile of HijackThis v1.99.1
Scan saved at 20:13:38, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150211377437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe



uninstall
µTorrent
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Alcohol 120% (Trial Version)
Apple Software Update
ArcSoft PhotoImpression
avast! Antivirus
AVG Anti-Spyware 7.5
Aztech CNR2900 V.90 Modem
BitComet 0.70
BitTorrent 5.0.0
blueyonder Instant Support Tool
Craxtion4
Disc2Phone
eMule
EPSON Printer Software
EPSON Scan
ESCX5400 Reference Guide
Google Earth
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
iPod for Windows 2006-06-28
iTunes
iTunes Art Importer
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Logitech QuickCam Software
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
Mozilla Firefox (1.5.0.8)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero 7 Demo
QuickTime
RealPlayer
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 2.0
Sonic MyDVD
Sonic RecordNow!
Sony Ericsson PC Suite 1.20.173
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy 1.4
UniChrome Series Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Service
VIA Rhine-Family Fast-Ethernet Adapter
Videora iPod Converter 0.91
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

#9 rookie147

Posted 28 November 2006 - 05:17 PM

Hi Steve, sorry for the delay in getting back to you.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet).

======

I have noticed that you do not have a firewall installed!
This is an essential piece of software that acts as an extra layer of security, which restricts access to your computer from the outside world.
Therefore, please download one of these free firewalls:
Zone Alarm
Sygate
Kerio
If you would like some more information about firewalls and how to use them effectively, take a look here.

======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Java 2 Runtime Environment, SE v1.4.2_05
µTorrent
BitComet 0.70
BitTorrent 5.0.0
eMule

You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://www.spywareinfo.com/articles/p2p/

======

Please download ATF Cleaner.
Don't run it yet!

======

I see you have AVG Anti-Spyware installed. Please open it, then follow these steps to update it:
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Double click ATF-Cleaner.exe to run the program.
Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

Click Exit on the main menu to close the program.

======

Next, please find and delete the following files (if present):

C:\Documents and Settings\ann\Local Settings\Temp\9exssd32.p.exe
C:\Documents and Settings\ann\Local Settings\Tempsetup.exe
C:\Documents and Settings\steph\Local Settings\Tempsetup.exe

======

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
======

Reboot into Normal Mode again.

======

Please post the AVG report back to me and let me know: how are things running now?
Thanks,
Charles



#10 bigvern4

Posted 28 November 2006 - 05:24 PM

I thought I was using the Windows-based firewall

#11 rookie147

Posted 28 November 2006 - 05:48 PM

The thing with the Windows Firewall is that it only blocks outgoing connections, and you are liable to attack from incoming connections as well; this is how most malware is installed on your computer. Simply put, Windows XP contains a mediocre firewall, and it would be better to use a software firewall that blocks both ingoing and outgoing traffic.



#12 bigvern4

Posted 29 November 2006 - 06:31 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:27:04 29/11/2006

+ Scan result:



:mozilla.15:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@centerparcs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@truitionphilipspublicuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.31:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.45:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.46:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.84:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.44:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.129:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.153:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.41:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.57:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@e-2dj6whloqhdzmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@e-2dj6wjmyqiazaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.73:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@ehg-iwantoneofthose.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@ehg-technuity.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.104:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.105:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.106:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.94:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.77:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\sam\Cookies\sam@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.116:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.117:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.118:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.119:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.120:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.121:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.122:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.123:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.146:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.147:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.151:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.42:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.91:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.92:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.93:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.130:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.131:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@pr.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.88:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.87:C:\Documents and Settings\ann\Application Data\Mozilla\Firefox\Profiles\vx1jxsx4.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.154:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\ann\Cookies\ann@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.87:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.94:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.95:C:\Documents and Settings\sam\Application Data\Mozilla\Firefox\Profiles\n2rdlits.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

cheers

#13 rookie147

Posted 29 November 2006 - 06:39 AM

How are things running now?

If you are pleased with the service I have offered, you may like to consider making a donation.


#14 bigvern4


Posted 30 November 2006 - 01:26 PM

charles,

I thank you very much for your help, all appears to be ok, change passwords etc. but no virus alerts or anything like that, still checking with the tools you suggested whilst infected, and now appears to be all clean. Sorry have not replied sooner, installed Sygate firewall, and puter no like, removed and in process of installing other that is more ME friendly, thank you v much

#15 rookie147


Posted 30 November 2006 - 04:57 PM

Since you appear to be free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

In order to protect yourself against spyware, you should consider installing and running the following free programs:
Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
If, of course, you encounter any more problems, please let me know and I'll try my best to sort them out for you.
Thanks and happy computing,
Charles





