
Arrgh


13 replies to this topic

#1 plugger147

plugger147

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 29 March 2007 - 04:14 PM

Been away and come back to a pc full of rubbish, can you help please.
Advice on a good firewall and antivirus would be appreciated too.

thanks jamie.

Logfile of HijackThis v1.99.1
Scan saved at 22:13:10, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
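The log above follows the fixed HijackThis v1.99.1 layout: a header, a "Running processes:" block, then one line per hook entry whose first token is a section code (R0, O2, O4, O10, O20, O23 ...). The parser below is an added example written for this thread, not HijackThis code; its triage rules (repeated O10 Winsock LSP lines, an O20 Winlogon Notify entry without a DLL path, processes running from profile or temp directories) are the editor's own reading of the format. The two sample logs are constructed from shortened lines of this thread, and the `Temp\setup.exe` process line is invented to exercise the process check.

```python
"""Parse and triage HijackThis v1.99.1 text logs.

Added example for this thread; it is not HijackThis code, and the triage
rules are the editor's own reading of the log format, not the tool's."""
import re
from collections import Counter

# One line per hook entry: a section code, " - ", then free-form detail.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# COM class ids as they appear in O2/O3/O9/O16 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Directories a legitimately installed service or startup item rarely runs from.
SUSPICIOUS_DIRS = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")

# Constructed sample in the format of the first log above (shortened). The
# Temp\setup.exe process line is invented here to exercise the triage check.
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:13:10, on 29/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\PLUGGER\Local Settings\Temp\setup.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.invalid/start
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed "after" log mirroring the changes visible between the two logs in
# the thread: HijackThis moved into Program Files and the O20 path is complete.
SAMPLE_AFTER = (
    SAMPLE_BEFORE
    .replace("C:\\Documents and Settings\\PLUGGER\\Local Settings\\Temp\\setup.exe\n", "")
    .replace("C:\\hijackthis\\HijackThis.exe", "C:\\Program Files\\Hijackthis\\HijackThis.exe")
    .replace("WgaLogon - C:\\WINDOWS\\\n", "WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll\n")
)


def _target(section, detail):
    """Pull the file or URL an entry points at; '' when the line carries none (O10)."""
    if section == "O4":
        return detail.partition("] ")[2].strip()       # command after [Name]
    if section.startswith("R") and " = " in detail:
        return detail.split(" = ", 1)[1].strip()        # registry value (start page)
    if " - " in detail:
        return detail.rsplit(" - ", 1)[1].strip()       # last field is the path
    return ""


def parse_hjt(text):
    """Return {'processes': [...], 'entries': [{section, detail, clsids, target}]}."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False            # a blank line ends the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            section, detail = m.groups()
            entries.append({"section": section, "detail": detail,
                            "clsids": CLSID_RE.findall(detail),
                            "target": _target(section, detail)})
    return {"processes": processes, "entries": entries}


def section_counts(parsed):
    return Counter(e["section"] for e in parsed["entries"])


def triage(parsed):
    """Defender-side checks; returns (code, message) pairs in a fixed order."""
    findings = []
    o10 = [e for e in parsed["entries"] if e["section"] == "O10"]
    if o10:
        # HijackThis prints one O10 line per hijacked Winsock LSP slot; report once.
        names = sorted({e["detail"] for e in o10})
        findings.append(("O10", f"{len(o10)} hijacked Winsock LSP entries: {'; '.join(names)}"))
    for e in parsed["entries"]:
        if e["section"] == "O20" and not e["target"].lower().endswith(".dll"):
            # Winlogon Notify must name a DLL; a bare directory means a truncated
            # or missing file and needs a second look rather than a verdict.
            findings.append(("O20", f"Winlogon Notify without DLL path: {e['detail']}"))
    for p in parsed["processes"]:
        if any(d in p.lower() for d in SUSPICIOUS_DIRS):
            findings.append(("PROC", f"process running from user/temp location: {p}"))
    return findings


def diff_entries(before_text, after_text):
    """Entries added and removed between two logs of the same machine."""
    def key(e):
        return f"{e['section']} - {e['detail']}"
    before = {key(e) for e in parse_hjt(before_text)["entries"]}
    after = {key(e) for e in parse_hjt(after_text)["entries"]}
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    for code, msg in triage(parse_hjt(SAMPLE_BEFORE)):
        print(code, msg)
    print(diff_entries(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Running it on the two constructed logs reports the three O10 lines once, flags the bare `C:\WINDOWS\` on the O20 line, and shows `diff_entries` reducing a second log to the single entry that actually changed, which is what a helper scans for when a poster sends a fresh log after a cleaning step.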


#2 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:08 AM

Posted 03 April 2007 - 02:01 PM

* Please remove these entries from Add/Remove Programs in the Control Panel (if present):
To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.
webhancer

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found: [image]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    [image]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Greets Jürgenv


#3 plugger147

plugger147
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 03 April 2007 - 05:58 PM

ok here goes. :thumbsup:

Dr web log:

install.exe;C:\Documents and Settings\PLUGGER;Adware.Macfa;Incurable.Moved.;
MermaidPinball_Setup_30m_EN-dm.exe;C:\Documents and Settings\PLUGGER\Desktop;Adware.TryMedia;Incurable.Moved.;
02 - duke of earl showaddywaddy 00.wma;C:\Documents and Settings\PLUGGER\Shared;Trojan.Isbar.389;Deleted.;
backup-20070317-153609-458.dll;C:\HijackThis\backups;Adware.WebHancer;Incurable.Moved.;
backup-20070317-153609-930.dll;C:\HijackThis\backups;Adware.ClickSpring;Incurable.Moved.;
CFD.exe;C:\Program Files\BroadJump\Client Foundation;Adware.Cfd;Incurable.Moved.;
system.dll;C:\Program Files\Common Files\{64C149D8-096C-2057-1207-04082704002c};Trojan.DownLoader.17039;Deleted.;
Update.exe;C:\Program Files\Common Files\{64C149D8-096C-2057-1207-04082704002c};Trojan.DownLoader.17040;Deleted.;
system.dll;C:\Program Files\Common Files\{64C149D8-096D-2057-1207-04082704002c};Trojan.DownLoader.17039;Deleted.;
Update.exe;C:\Program Files\Common Files\{64C149D8-096D-2057-1207-04082704002c};Trojan.DownLoader.17040;Deleted.;
backup-20070215-212841-706.dll;C:\Program Files\Hijackthis\backups;Adware.Macfa;Incurable.Moved.;
whiehlpr.dll;C:\Program Files\webHancer\Programs;Adware.WebHancer;Incurable.Moved.;
A0071208.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP628;Trojan.MulDrop.3338;Deleted.;
A0072750.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.Macfa;Incurable.Moved.;
A0072814.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.Delfin;Incurable.Moved.;
A0072815.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.Delfin;Incurable.Moved.;
A0072816.ocx;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.Delfin;Incurable.Moved.;
A0072817.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.Delfin;Incurable.Moved.;
A0072819.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.WebHancer;Incurable.Moved.;
A0072820.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.WebHancer;Incurable.Moved.;
A0072829.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP661;Adware.WebHancer;Incurable.Moved.;
A0073257.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP670;Adware.ClickSpring;Incurable.Moved.;
A0073319.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP671;Adware.ClickSpring;Incurable.Moved.;
A0073353.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP672;Adware.ClickSpring;Incurable.Moved.;
A0073391.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP672;Adware.ClickSpring;Incurable.Moved.;
A0073448.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP672;Adware.ClickSpring;Incurable.Moved.;
A0073495.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP673;Adware.ClickSpring;Incurable.Moved.;
A0073513.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP674;Adware.ClickSpring;Incurable.Moved.;
A0073562.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP675;Adware.ClickSpring;Incurable.Moved.;
A0073633.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP676;Adware.ClickSpring;Incurable.Moved.;
A0073694.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP678;Adware.ClickSpring;Incurable.Moved.;
A0073750.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP679;Adware.ClickSpring;Incurable.Moved.;
A0073778.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP679;Adware.ClickSpring;Incurable.Moved.;
A0073803.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP679;Adware.ClickSpring;Incurable.Moved.;
A0073878.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP681;Adware.ClickSpring;Incurable.Moved.;
A0073898.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP681;Adware.ClickSpring;Incurable.Moved.;
A0073901.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP681;Adware.WebHancer;Incurable.Moved.;
A0073902.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP681;Adware.WebHancer;Incurable.Moved.;
A0074079.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP682;Adware.ClickSpring;Incurable.Moved.;
A0074113.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP682;Adware.ClickSpring;Incurable.Moved.;
A0074185.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP684;Adware.Macfa;Incurable.Moved.;
A0074620.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685;Adware.ClickSpring;Incurable.Moved.;
A0074622.exe\data001;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685\A0074622.exe;Adware.ClickSpring;;
A0074622.exe\data003;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685\A0074622.exe;Adware.ClickSpring;;
A0074622.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685;Archive contains infected objects;Moved.;
A0075068.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685;Adware.Maxifiles;Incurable.Moved.;
A0075069.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685;Adware.Maxifiles;Incurable.Moved.;
A0075552.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP695;Trojan.DownLoader.17039;Deleted.;
A0075553.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP695;Trojan.DownLoader.17040;Deleted.;
A0075554.dll;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP695;Trojan.DownLoader.17039;Deleted.;
A0075555.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP695;Trojan.DownLoader.17040;Deleted.;
actskn45.ocx;C:\WINDOWS\system32;Trojan.Isbar.439;Deleted.;


hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 23:56:16, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks Jamie.
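The Dr.Web CureIt report posted above is a semicolon-separated list: object name, directory, verdict, action, and a trailing empty field. Reading it by hand is slow because most hits sit in restore points (`System Volume Information\_restore...`) or in HijackThis's own `backups` folder, which are inert copies; the entries that matter are the ones in live locations and the ones the scanner left without an action. The summariser below is an added example written for this thread, not Dr.Web code; the field layout is inferred from the report above. The sample rows are copied from that report, plus one constructed row (`sample_unhandled.exe`) to show an untouched object.

```python
"""Summarise a Dr.Web CureIt report (DrWeb.csv style) for triage.

Added example for this thread; not Dr.Web code. The field layout is inferred
from the report above: object;directory;verdict;action; (trailing semicolon)."""
from collections import Counter

# Rows copied from the report above plus one constructed row
# (sample_unhandled.exe) to show an object the scanner left untouched.
SAMPLE_REPORT = r"""install.exe;C:\Documents and Settings\PLUGGER;Adware.Macfa;Incurable.Moved.;
backup-20070317-153609-458.dll;C:\HijackThis\backups;Adware.WebHancer;Incurable.Moved.;
system.dll;C:\Program Files\Common Files\{64C149D8-096C-2057-1207-04082704002c};Trojan.DownLoader.17039;Deleted.;
whiehlpr.dll;C:\Program Files\webHancer\Programs;Adware.WebHancer;Incurable.Moved.;
A0071208.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP628;Trojan.MulDrop.3338;Deleted.;
A0074622.exe\data001;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685\A0074622.exe;Adware.ClickSpring;;
A0074622.exe;C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP685;Archive contains infected objects;Moved.;
actskn45.ocx;C:\WINDOWS\system32;Trojan.Isbar.439;Deleted.;
sample_unhandled.exe;C:\Documents and Settings\PLUGGER\Desktop;Adware.TryMedia;;
"""


def location_class(directory):
    """Restore-point and HijackThis backup copies are inert; everything else is live."""
    d = directory.lower()
    if "\\system volume information\\_restore" in d:
        return "restore-point"
    if "\\hijackthis\\backups" in d:
        return "hjt-backup"
    return "live"


def parse_drweb(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(";")
        if len(fields) < 4:
            continue                      # not a report row
        obj, directory, verdict, action = fields[:4]
        rows.append({"object": obj, "dir": directory, "verdict": verdict,
                     "action": action.rstrip("."),   # "Incurable.Moved." -> "Incurable.Moved"
                     "where": location_class(directory)})
    return rows


def summarize(rows):
    return {
        "by_location": dict(Counter(r["where"] for r in rows)),
        "by_family": dict(Counter(r["verdict"].split(".")[0] for r in rows)),
        "by_action": dict(Counter(r["action"] or "(none)" for r in rows)),
    }


def live_findings(rows):
    """Hits outside restore points and HJT backups: the ones worth a second look."""
    return [(r["object"], r["dir"], r["verdict"], r["action"])
            for r in rows if r["where"] == "live"]


def unresolved(rows):
    """Objects with no action whose parent archive was not moved or deleted either.

    A member such as 'A0074622.exe\\data001' has an empty action but is covered
    when the row for 'A0074622.exe' itself says Moved or Deleted."""
    handled = {r["object"] for r in rows if r["action"]}
    out = []
    for r in rows:
        if r["action"]:
            continue
        parent = r["object"].split("\\")[0] if "\\" in r["object"] else None
        if parent in handled:
            continue
        out.append(r["object"])
    return out


if __name__ == "__main__":
    rows = parse_drweb(SAMPLE_REPORT)
    print(summarize(rows))
    for item in live_findings(rows):
        print("live:", item)
    print("unresolved:", unresolved(rows))
```

On the sample, the summary separates the five live hits (including the constructed untouched one) from the three restore-point copies and the one HijackThis backup, and `unresolved` correctly ignores the archive member whose parent archive was moved.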

#4 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:08 AM

Posted 03 April 2007 - 06:00 PM

Did you uninstall Webhancer yet?

Edited by jurgenv, 03 April 2007 - 06:00 PM.

Greets Jürgenv


#5 plugger147

plugger147
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 03 April 2007 - 06:18 PM

yes, it's not in the add/remove menu either.

#6 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:08 AM

Posted 03 April 2007 - 06:46 PM

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do Not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new hijackthis log here with the report of AVG Anti-Spyware.

Greets Jürgenv


#7 plugger147

plugger147
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 07 April 2007 - 04:33 PM

Hi, I can't get avi to work in safe mode or in normal mode, I can't even uninstall it, it just freezes up. :thumbsup:

#8 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:09:08 AM

Posted 07 April 2007 - 05:23 PM

Let's try a different method:

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location and post the report here with a new hijackthis log.
Greets Jürgenv


#9 plugger147

plugger147
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:08:08 AM

Posted 09 April 2007 - 01:29 PM

Panda scan keeps saying error on page :flowers:, I have managed to run avi in normal mode if that's any good.

avi scan.

C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075668.exe -> Adware.DelphinMediaViewer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075669.exe -> Adware.DelphinMediaViewer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075670.ocx -> Adware.DelphinMediaViewer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075671.dll -> Adware.DelphinMediaViewer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075667.exe -> Adware.MaxSearch : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075646.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075647.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075648.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075649.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075650.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075651.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075652.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075653.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075654.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075655.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075656.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075657.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075658.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075659.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075660.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075661.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075662.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075663.dll -> Adware.PurityScan : No action taken.
C:\Documents and Settings\PLUGGER\Desktop\FlowerShopSetup-dm.exe -> Adware.Trymedia : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075674.exe -> Adware.Trymedia : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075637.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075639.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075641.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075642.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075643.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075645.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075633.exe -> Downloader.Age : No action taken.
C:\Documents and Settings\PLUGGER\Incomplete\T-384382-(DoD) qsh 777 fat arsed aunty paulin _crack_ [Divx].zip/setup.exe -> Hijacker.Agent.hi : No action taken.
C:\Documents and Settings\PLUGGER\Incomplete\T-403619-01 - qsh 777 fat arsed aunty paulin _192kbps_ [x].zip/setup.exe -> Hijacker.Agent.hi : No action taken.
C:\Documents and Settings\PLUGGER\Cookies\plugger@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\PLUGGER\Cookies\plugger@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\PLUGGER\Cookies\plugger@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\PLUGGER\Cookies\plugger@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\PLUGGER\Cookies\plugger@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\PLUGGER\Cookies\plugger@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075635.exe -> Trojan.Small : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075636.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\PLUGGER\Complete\PDA Toolbox 5.2.zip/Setup.exe -> Worm.VB.dw : No action taken.


::Report end


Hi jack this log.

Logfile of HijackThis v1.99.1
Scan saved at 19:27:52, on 09/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks, Jamie :thumbsup:

#10 jurgenv

Posted 09 April 2007 - 01:34 PM

The log shows 'no action taken', are you sure you have removed everything?
Greets Jürgenv

#11 plugger147

Posted 09 April 2007 - 06:41 PM

Sorry, think I missed that.

AVG scan.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:33:24 10/04/2007

+ Scan result:



C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075668.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075669.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075670.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075671.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075667.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075646.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075647.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075648.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075649.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075650.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075651.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075652.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075653.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075654.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075655.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075656.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075657.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075658.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075659.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075660.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075661.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075662.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075663.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\PLUGGER\Desktop\FlowerShopSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075674.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075637.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075639.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075641.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075642.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075643.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075645.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075633.exe -> Downloader.Age : Cleaned with backup (quarantined).
C:\Documents and Settings\PLUGGER\Incomplete\T-384382-(DoD) qsh 777 fat arsed aunty paulin _crack_ [Divx].zip/setup.exe -> Hijacker.Agent.hi : Cleaned with backup (quarantined).
C:\Documents and Settings\PLUGGER\Incomplete\T-403619-01 - qsh 777 fat arsed aunty paulin _192kbps_ [x].zip/setup.exe -> Hijacker.Agent.hi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075635.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075636.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\PLUGGER\Complete\PDA Toolbox 5.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 00:36:54, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks, Jamie.
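An added example, not code from this thread or from either tool: a small Python triage script for the two log formats posted above. It parses AVG Anti-Spyware report lines into path, detection and action, so the "No action taken" state Jürgenv spotted is counted rather than eyeballed, separates restore-point copies (System Volume Information\_restore{...}\RP...) from files that are live on the disk, and applies a few review heuristics to HijackThis entries (O4 autoruns outside Program Files/Windows, O16 downloaded ActiveX controls, O20 Winlogon Notify DLLs, O23 services with no publisher name). The sample lines are copied from the logs in this thread except for the O4 line labelled [example], which is constructed to exercise the autorun rule; the flagging rules are my own heuristics, not verdicts from HijackThis.

```python
"""Triage helpers for an AVG Anti-Spyware 7.5 scan report and a
HijackThis v1.99.1 log (the two formats posted in this thread).

Added example; not code from the thread or from either tool. The rules in
hjt_flags() are review heuristics: a flag means "look at this", not "malware".
"""
import re
from collections import Counter

# Constructed sample: lines copied from the AVG reports posted above, mixing
# the first run ("No action taken") with the second run (quarantined).
SAMPLE_AVG = r"""
+ Scan result:

C:\Documents and Settings\PLUGGER\Cookies\plugger@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075635.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\PLUGGER\Complete\PDA Toolbox 5.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\System Volume Information\_restore{ACEB4DBE-AB45-4850-B71D-83E08ABA0B0B}\RP696\A0075668.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\Documents and Settings\PLUGGER\Desktop\FlowerShopSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).

::Report end
"""

# Constructed sample: HijackThis lines from the log above, plus one O4 line
# ([example]) that is NOT from the thread, added to exercise the autorun rule.
SAMPLE_HJT = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:36:54, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bikechatforums.com/index.php?si...6d2ae8341815269
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [example] C:\Documents and Settings\PLUGGER\Local Settings\Temp\example.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<path> -> <detection> : <action>."  (trailing period dropped from action)
AVG_ENTRY = re.compile(r"^(?P<path>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+?)\.?$")
# "<section> - <body>" where section is R0..R3 or O1..O24
HJT_ENTRY = re.compile(r"^(?P<section>R\d|O\d{1,2}) - (?P<body>.*)$")
# System Restore snapshot copies; they re-infect only if the point is restored
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)
# Directories an autorun entry is normally expected to launch from
TRUSTED_DIRS = re.compile(r"\\(Program Files|PROGRA~1|WINDOWS)\\", re.I)


def parse_avg(text):
    """Return one dict {path, detection, action} per AVG result line."""
    findings = []
    for line in text.splitlines():
        m = AVG_ENTRY.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def avg_summary(findings):
    """Count actions, list items still pending, and split live files from
    restore-point copies."""
    by_action = Counter(f["action"] for f in findings)
    pending = [f for f in findings if f["action"] == "No action taken"]
    live = [f for f in findings if not RESTORE_POINT.search(f["path"])]
    return {"by_action": dict(by_action), "pending": pending, "live": live}


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def hjt_flags(entries):
    """Heuristic review flags over parsed HijackThis entries."""
    flags = []
    for section, body in entries:
        if section == "O4" and not TRUSTED_DIRS.search(body):
            flags.append(("O4 autorun launching from outside Program Files/Windows", body))
        elif section == "O16":
            flags.append(("O16 ActiveX control downloaded from the web", body))
        elif section == "O20":
            flags.append(("O20 Winlogon Notify DLL (loaded by winlogon.exe at logon)", body))
        elif section == "O23" and " - Unknown owner - " in body:
            flags.append(("O23 service binary carries no publisher name", body))
    return flags


def main():
    summary = avg_summary(parse_avg(SAMPLE_AVG))
    print("AVG actions:", summary["by_action"])
    for f in summary["pending"]:
        print("STILL PRESENT:", f["detection"], "<-", f["path"])
    print("live (non restore-point) hits:", len(summary["live"]))
    for rule, body in hjt_flags(parse_hjt(SAMPLE_HJT)):
        print(f"REVIEW [{rule}]: {body}")


if __name__ == "__main__":
    main()
```

Run it on a saved report and log by replacing the two sample strings with the file contents. Restore-point hits are listed separately on purpose: they are inert until System Restore is used, so the usual remedy is to purge old restore points once the machine is clean rather than to treat them as active infections; the live entries (Desktop, Complete, Incomplete, Cookies) are the ones that indicate how the files arrived.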

#12 jurgenv

Posted 09 April 2007 - 06:43 PM

Looking good, how is everything working? :thumbsup:
Greets Jürgenv

#13 plugger147

Posted 10 April 2007 - 08:55 AM

Seems to be ok, thanks buddy. :thumbsup:

Any ideas on what to use to stop this stuff popping up in the first place?

#14 jurgenv

Posted 10 April 2007 - 09:02 AM

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Bleepingcomputer are to help you, for your sake we would rather not have repeat customers. :thumbsup:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D
Greets Jürgenv