Access Members Area (and all that jazz...)
zippy1982
Newbie
26. March 2006 @ 09:08
Well, it seems to have got a lot of people, including me :o( I have gone through some of the topics on this forum and I'm not too sure how much I understand, but I realise you nice guys who help would like a log from HijackThis, which I downloaded, and here it is.
If anyone could help me with what to do next, that would be greatly appreciated. My computer is a little slow, so there may be other problems other than just this Access Members Area desktop item thing :o(
Thanks in advance!
Matt
Logfile of HijackThis v1.99.1
Scan saved at 19:57:48, on 26/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\TEMP\win371.tmp.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\win2FD.tmp.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C2DD1C9-36A9-DF39-CB9D-D3DEAAAFD95D} - (no file)
O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code...
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/026ad4f7202f894fff06/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configur...
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlaccell.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
Senior Member
27. March 2006 @ 02:40
Ok, you've got many infections.
You don't have a firewall or an antivirus on your computer. You seem to have some Norton remnants, so let's clean those too.
Download and install one firewall and one antivirus.
These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com
These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com
Cleaning instructions:
1. Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/
2. Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1 Do NOT run it yet.
3. Go to Control Panel -> Add or Remove Programs -> Remove DyFuCa, CashBack, BargainBuddy, Windows AdControl, WebRebates if found
4. Run HijackThis and fix these entries (if found): (Do a system scan only, check the entries, close all other windows, press Fix checked)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {6C2DD1C9-36A9-DF39-CB9D-D3DEAAAFD95D} - (no file)
O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/026ad4f7202f894fff06/netzip/RdxIE601.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlaccell.CAB
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
5. Open Notepad
Copy these lines and paste them into Notepad:
sc stop navapsvc
sc delete navapsvc
sc stop SBService
sc delete SBService
sc stop SNDSrvc
sc delete SNDSrvc
sc stop ZESOFT
sc delete ZESOFT
Save the document to the desktop as Removal.bat with file type: All Files
Go to your desktop, run the file Removal.bat and answer yes to any questions.
6. Restart your computer in safe mode (press the F8 key while the computer is starting and choose Safe Mode)
7. Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.
8. Run ATF Cleaner -> Check Select All -> Press Empty Selected
9. Delete these folders if found:
C:\Program Files\-->Windows AdControl
C:\Program Files\-->WebRebates
C:\Program Files\-->DyFuCa
C:\Program Files\-->BargainBuddy
C:\Program Files\-->CashBack
C:\Program Files\-->ISTsvc
C:\Program Files\-->ISTbar
10. Delete these files if found:
C:\WINDOWS\System32\-->bridge.dll
C:\WINDOWS\system32\-->nvms.dll
C:\WINDOWS\system32\-->mscb.dll
C:\WINDOWS\system32\-->msbe.dll
C:\WINDOWS\SYSTEM32\-->winrkp32.dll
C:\WINDOWS\-->zeta.exe
11. Empty the Recycle Bin
12. Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.
13. Scan and clean your computer with Ewido and save the log file.
14. Restart your computer normally.
15. Post a fresh HijackThis log and Ewido's log here so we can see if your computer is now clean.
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: AD's unsupportive atmosphere.
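As an added example (not part of this thread, and not a feature of HijackThis or ewido), the Python script below does a first triage pass over HijackThis log lines the way the reply above does by hand: it splits copy/paste-joined lines back into single entries, flags the kinds of entries the helper ticked for "Fix checked" (orphaned "(no file)" components, a site in the IE Trusted Zone, an ActiveX download served from a bare IP address, a Winlogon Notify DLL, a service with "Unknown owner", and paths matching the adware names from the fix and delete lists), and writes out the `sc stop` / `sc delete` pairs for the services it flagged. The name lists and the sample log excerpt come from this thread only; the rules illustrate the reasoning and are not a signature database.

```python
import re
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Name lists come from this thread's fix/delete lists only; illustration, not a signature set.
ADWARE_DIRS = ("windows adcontrol", "web_rebates", "webrebates", "dyfuca",
               "bargainbuddy", "cashback", "istsvc", "istbar")
KNOWN_BAD_FILES = ("bridge.dll", "nvms.dll", "mscb.dll", "msbe.dll",
                   "winrkp32.dll", "zeta.exe")
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# A pasted log often runs several entries onto one line; split before each "Oxx - ".
SPLIT_RE = re.compile(r"\s+(?=[RFO]\d+ - )")

@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O2"
    reason: str  # why a reviewer would tick it for "Fix checked"
    entry: str   # the original log entry

def split_entries(text: str) -> Iterator[str]:
    """Yield one HijackThis entry per item, undoing copy/paste line joins."""
    for line in text.splitlines():
        for part in SPLIT_RE.split(line.strip()):
            if ENTRY_RE.match(part):
                yield part

def is_bare_ip_url(url: str) -> bool:
    """True when the URL's host is a literal IP address rather than a name."""
    m = re.match(r"https?://([^/:]+)", url)
    if not m:
        return False
    try:
        ipaddress.ip_address(m.group(1))
        return True
    except ValueError:
        return False

def triage(entry: str) -> Optional[Finding]:
    """Return a Finding for an entry worth fixing, None for a benign-looking one."""
    m = ENTRY_RE.match(entry)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    low = body.lower()
    if kind in ("R3", "O2", "O3") and "(no file)" in low:
        return Finding(kind, "orphaned component: registered but its file is gone", entry)
    if kind == "O15":
        return Finding(kind, "site added to the IE Trusted Zone (lowered security)", entry)
    if kind == "O16":
        head, _, url = body.rpartition(" - ")
        if is_bare_ip_url(url):
            return Finding(kind, "ActiveX download served from a bare IP address", entry)
        if "(" not in head:
            return Finding(kind, "unnamed ActiveX control", entry)
    if kind == "O20":
        return Finding(kind, "Winlogon Notify DLL loaded at every logon; verify publisher", entry)
    if kind == "O23" and "unknown owner" in low:
        return Finding(kind, "service with no publisher information", entry)
    if any(name in low for name in KNOWN_BAD_FILES):
        return Finding(kind, "references a file the thread identifies as malware", entry)
    if any(folder in low for folder in ADWARE_DIRS):
        return Finding(kind, "points into an adware program folder", entry)
    return None

def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage(e) for e in split_entries(text)) if f is not None]

def service_short_name(entry: str) -> str:
    """'O23 - Service: Long name (short) - owner - path' -> 'short' (or the name itself)."""
    desc = ENTRY_RE.match(entry).group("body").split(" - ")[0]
    name = desc.split(":", 1)[1].strip()
    m = re.search(r"\(([^()]+)\)$", name)
    return m.group(1) if m else name

def removal_commands(findings: List[Finding]) -> List[str]:
    """The 'sc stop' / 'sc delete' pairs the thread puts in Removal.bat, for flagged services."""
    cmds = []
    for f in findings:
        if f.kind == "O23":
            short = service_short_name(f.entry)
            cmds += [f"sc stop {short}", f"sc delete {short}"]
    return cmds

# Excerpt of the first log posted in the thread; the O16 line is copy/paste-joined as posted.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.kind, f.reason, "->", f.entry)
```

This is a triage aid, not a verdict: a raw-IP O16 download or an orphaned BHO is a strong signal, but decisions such as deleting the leftover Norton services in the reply above still rest on a human reading the log, which is why the script only emits `sc` commands for services it actually flagged.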
zippy1982
Newbie
27. March 2006 @ 20:05
Wow!! Many thanks for your time and help, this is very much appreciated!
Below are the two log files you requested.
I'm also now running ZoneAlarm, Norton Anti-Virus and Ewido in the background. Is that okay?
Many thanks!
Matt
HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 08:12:51, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code...
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configur...
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 06:49:40, 28/03/2006
+ Report-Checksum: FCDD20AB
+ Scan result:
HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Alset -> Adware.HelpExpress : Cleaned with backup
HKLM\SOFTWARE\Alset\HX -> Adware.HelpExpress : Cleaned with backup
HKLM\SOFTWARE\Alset\HX\Users -> Adware.HelpExpress : Cleaned with backup
HKLM\SOFTWARE\CashBack -> Adware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg\CLSID -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg\CurVer -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Bridge.brdg.1 -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher\CLSID -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher.1 -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Jao.jao -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Jao.jao\CLSID -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Jao.jao\CurVer -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Jao.jao.1 -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher.1 -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag.1 -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1 -> Adware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand\CLSID -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand\CurVer -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand.1 -> Adware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Adware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTsvc\history -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Adware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Adware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\msbb -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\NaviSearch -> Adware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup
HKLM\SOFTWARE\salm -> Adware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\twaintec -> Adware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Alset -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Alset\HX -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Alset\HX\HXClient -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Alset\HX\HXDL -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Alset\HX\HXIUL -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Alset\HX\HXIUL\Current -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Apropos -> Adware.Apropos : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\IESearchbar -> Adware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\IESearchbar\IESearchbar -> Adware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\HelpExpress -> Adware.HelpExpress : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\msbb -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\PowerScan -> Adware.PowerScan : Cleaned with backup
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\salm -> Adware.180Solutions : Cleaned with backup
C:\c.vbs -> Downloader.Small.f : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\4lx4il37.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\4lx4il37.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\4lx4il37.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\4lx4il37.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\4lx4il37.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Netscape\NSB\Profiles\4lx4il37.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Downloaded Programmes\MS Office 2003\Product Key & Activation Code Disable\Anti-MSOPA.exe/Anti-MSOPA.exe -> Trojan.Agent.jh : Error during cleaning
C:\HJT\backups\backup-20060327-224749-131.dll -> Adware.BargainBuddy : Cleaned with backup
C:\HJT\backups\backup-20060327-224749-273.dll -> Logger.Briss.i : Cleaned with backup
C:\HJT\backups\backup-20060327-224749-803.dll -> Adware.BargainBuddy : Cleaned with backup
C:\HJT\backups\backup-20060327-224749-979.dll -> Adware.BargainBuddy : Cleaned with backup
C:\HJT\backups\backup-20060327-224751-370.dll -> Downloader.Dia.a : Cleaned with backup
C:\Program Files\Alset\HelpExpress\Owner\Client\HelpExp.exe -> Adware.HelpExpress : Cleaned with backup
C:\Program Files\Alset\HelpExpress\Owner\Download\CLIENT.CAB/HelpExp.exe -> Adware.HelpExpress : Error during cleaning
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup
C:\Program Files\BullsEye Network -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\ad.dat -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adv.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adx.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\ub.dat -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\Uninstall.exe -> Adware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\ouuq\ouuqa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\ouuq\ouuql.exe -> Downloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\ouuq\ouuqm.exe -> Downloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\ouuq\ouuqp.exe -> Adware.Xupiter : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Power Scan -> Adware.PowerScan : Cleaned with backup
C:\Program Files\Power Scan\powerscan.exe -> Adware.PowerScan : Cleaned with backup
C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup
C:\Program Files\SideFind\sfbho.dll -> Adware.SideFind : Cleaned with backup
C:\Program Files\Windows AdTools\WinWrench.dll -> Adware.WinAD : Cleaned with backup
C:\Program Files\WindowsSA\omniscient.exe -> Adware.BlazeFind : Cleaned with backup
C:\Program Files\WindowsSA\omniscienthook.dll -> Adware.BlazeFind : Cleaned with backup
C:\temp\lc.exe -> Adware.BetterInternet : Cleaned with backup
C:\temp\NCasePackage.exe -> Dropper.180Solutions.a : Cleaned with backup
C:\temp\salm.exe -> Adware.180Solutions : Cleaned with backup
C:\temp\salmhook.dll -> Adware.180Solutions : Cleaned with backup
C:\temp\WebRebates_Auto_InstallSilent_Euro.exe -> Adware.WebRebates : Cleaned with backup
C:\temp\WinAdCtlInstPack.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\2_0_1browserhelper2.dll -> Hijacker.Delf.r : Cleaned with backup
C:\WINDOWS\alchem.exe -> Downloader.Alchemic : Cleaned with backup
C:\WINDOWS\Belt.exe -> Downloader.Stubby.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\bridge.dll -> Logger.Briss.g : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\jao.dll -> Logger.Briss.g : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\legacymp3.exe -> Downloader.Small.bp : Cleaned with backup
C:\WINDOWS\dxjlfsy.exe -> Downloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\emsw.exe -> Adware.HelpExpress : Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\qpoluxef.exe -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM32\a.exe -> Logger.Briss.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\angelex.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\apuc.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\axuninstall.exe -> Adware.BlazeFind : Cleaned with backup
C:\WINDOWS\SYSTEM32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\exdl1.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\exul.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\exul1.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\omniband.dll -> Adware.BlazeFind : Cleaned with backup
C:\WINDOWS\SYSTEM32\wsaupdater.exe -> Adware.BlazeFind : Cleaned with backup
C:\WINDOWS\twaintec.dll -> Adware.BiSpy : Cleaned with backup
C:\WINDOWS\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup
::Report End
This message has been edited since posting. Last time this message was edited on 27. March 2006 @ 21:15
Senior Member
28. March 2006 @ 02:55
OK, not clean yet. [You had a nice collection of malware... =)]
Install an antivirus.
These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com
New cleaning instructions
Download Blacklight to your desktop -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe Do not run a scan yet.
Download Killbox to your desktop -> http://www.downloads.subratam.org/KillBox.zip Unzip it to your desktop.
Run HijackThis and fix this entry:
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
Run Killbox.exe
-> Choose Delete on Reboot
-> Click All Files option.
Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)
C:\WINDOWS\SYSTEM32\netut80ex.vxd
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\mqexdlm.srg
C:\WINDOWS\system32\exul.exe
C:\WINDOWS\system32\javexulm.vxd
C:\WINDOWS\SYSTEM32\winrkp32.dll
Then go back to Killbox
-> go to File
-> choose Paste from Clipboard
-> Click the red-white Delete File option.
-> Click Yes to Delete on Reboot question
-> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
-> Restart your computer if Killbox won't do it.
(If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)
Restart your computer to the safe mode.
Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.
Delete this folder:
C:\Program Files\Alset
Empty the Recycle Bin
Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.
Scan and clean your computer with Ewido and save the log file.
Restart your computer normally.
Run a scan with F-Secure Blacklight
-> Do NOT rename anything yet
-> It will save the log to your desktop, named fsbl**********.txt
Post the following logs to here so we can see if your computer is now clean.
-> fresh HijackThis log
-> Ewido's log
-> Blacklight's log
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.
This message has been edited since posting. Last time this message was edited on 28. March 2006 @ 02:57
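The helper builds the Killbox list out of the ewido report by hand: the entries marked "Error during cleaning" and the packed file (netut80ex.vxd) those members sit inside. As an added example that is not part of the thread and not ewido's own code, here is a small Python parser for that report format; SAMPLE_REPORT is constructed from lines in the shape posted above.

```python
import re
from collections import Counter, OrderedDict
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    path: str        # as reported; "container/inner" when the hit is inside a packed file
    detection: str   # e.g. "Adware.BargainBuddy"
    status: str      # e.g. "Cleaned with backup" or "Error during cleaning"


# Result line shape:  <path> -> <detection> : <status>
# Browser-cookie hits carry a ":mozilla.<n>:" prefix (the cookie's index in cookies.txt).
_RESULT_RE = re.compile(
    r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<detection>\S+) : (?P<status>.+?)\s*$"
)

# Constructed sample in the ewido report shape posted in this thread (not a real scan).
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:26:47, 28/03/2006
+ Scan result:
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Downloaded Programmes\MS Office 2003\Product Key & Activation Code Disable\Anti-MSOPA.exe/Anti-MSOPA.exe -> Trojan.Agent.jh : Error during cleaning
C:\Program Files\BullsEye Network\bin\adv.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\a.exe -> Logger.Briss.e : Cleaned with backup
::Report End
"""


def parse_report(text: str) -> List[Finding]:
    """Turn an ewido scan report into Finding tuples, skipping banner and footer lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Dash rules, "+ ..." metadata and "::Report End" carry no findings.
        if not line or line.startswith(("---", "+", "::")) or " -> " not in line:
            continue
        m = _RESULT_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["detection"], m["status"]))
    return findings


def split_container(path: str) -> Tuple[str, Optional[str]]:
    """ewido reports a hit inside a packed file as 'C:\\x\\pack.vxd/C:/inner.exe'.
    Windows paths use backslashes, so the first '/' separates container from member."""
    slash = path.find("/")
    if slash == -1:
        return path, None
    return path[:slash], path[slash + 1:]


def leftover_files(findings: List[Finding]) -> List[str]:
    """On-disk files the scanner could not clean, de-duplicated in report order.
    A member it could not strip out of a container leaves the whole container behind."""
    seen: List[str] = []
    for f in findings:
        if f.status.startswith("Cleaned"):
            continue
        container, _ = split_container(f.path)
        if container not in seen:
            seen.append(container)
    return seen


def leftover_members(findings: List[Finding]) -> "OrderedDict[str, List[str]]":
    """Map each uncleaned container to the member paths reported inside it."""
    members: "OrderedDict[str, List[str]]" = OrderedDict()
    for f in findings:
        if f.status.startswith("Cleaned"):
            continue
        container, inner = split_container(f.path)
        if inner is not None:
            members.setdefault(container, []).append(inner)
    return members


def count_by_family(findings: List[Finding]) -> Counter:
    """Count findings by detection family (the text before the first '.')."""
    return Counter(f.detection.split(".", 1)[0] for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("families:", dict(count_by_family(found)))
    for path in leftover_files(found):
        print("not cleaned:", path)
    for container, inner in leftover_members(found).items():
        print(f"  {container} still holds {len(inner)} flagged member(s)")
```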
zippy1982
Newbie
28. March 2006 @ 12:20
Hi again!
Thank you ever so much for all your help so far. It's so refreshing to have people like you in the world that actually care for others :o)
Here are the three log files that you have requested.
Many thanks!
Matt
HijakThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:52:26, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code...
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configur...
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:26:47, 28/03/2006
+ Report-Checksum: 85C6B678
+ Scan result:
C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Error during cleaning
C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Error during cleaning
C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Error during cleaning
C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Error during cleaning
C:\!KillBox\winrkp32.dll -> Downloader.Small.cml : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85I309QN\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NBRV3G1P\wdinit64[1].exe -> Trojan.Dialer.u : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QZC1WDCJ\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QZC1WDCJ\wdinit64[2].exe -> Trojan.Dialer.u : Cleaned with backup
C:\Downloaded Programmes\MS Office 2003\Product Key & Activation Code Disable\Anti-MSOPA.exe/Anti-MSOPA.exe -> Trojan.Agent.jh : Error during cleaning
C:\WINDOWS\SYSTEM32\AdService.dll -> Downloader.Small.cml : Cleaned with backup
::Report End
BLACKLIGHT
03/28/06 22:47:07 [Info]: BlackLight Engine 1.0.33 initialized
03/28/06 22:47:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/28/06 22:47:07 [Note]: 7019 4
03/28/06 22:47:07 [Note]: 7005 0
03/28/06 22:47:11 [Note]: 7006 0
03/28/06 22:47:11 [Note]: 7011 1296
03/28/06 22:47:13 [Note]: FSRAW library version 1.7.1015
03/28/06 22:49:56 [Note]: 7007 0
Senior Member
28. March 2006 @ 20:20
Ok, still something that must be done.
Fix this entry with HijackThis:
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
Restart your computer to the safe mode.
Make your hidden files visible.
Delete this folder:
C:\Downloaded Programmes\MS Office 2003\-->Product Key & Activation Code Disable
Make your hidden files invisible.
And because you had so many infections, your computer must be scanned with eScan.
1. Download eScan from here and save it to your desktop -> http://www.spywareinfo.dk/download/mwav.exe
2. Double-click the file mwav.exe (on your desktop) and unzip the program to its default location (C:\Kaspersky).
3. Close the eScan window.
4. Then go to the folder C:\Kaspersky and run a file called kavupd.exe. It will update the program. (If ZoneAlarm alerts about connections to this program, allow those.)
5. When kavupd.exe has finished, go to the folder C:\Downloads and press CTRL+A (select all files), then press CTRL+C (copy), go to the folder C:\Kaspersky and press CTRL+V (paste); overwrite files when asked.
6. Then go to the folder C:\Kaspersky and run a file named mwavscan. Check these options:
Memory, Registry, Startup Folders, System Folders, Services, Drive -> All Local drives, Scan all files
7. Then press the Scan Clean button.
8. When the scan has finished, copy the results from the field in the scan window. Just select those with your mouse, then paste and save them with Notepad to your desktop. Name it viruslog.txt (check this picture -> http://koti.mbnet.fi/pattaya1/eScan10.jpg).
9. Post the eScan results (viruslog.txt) and one more HijackThis log here.
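The entry the helper asks to fix is an O20 Winlogon Notify registration whose DLL is already gone. As an added example, not from the thread and not HijackThis's own code, this Python snippet parses HijackThis 1.99.1 result lines and flags the two things a log reviewer looks for first: O20 registrations and entries marked "(file missing)" or "(no file)"; SAMPLE_LOG is constructed from lines like those posted above.

```python
import re
from typing import List, NamedTuple, Tuple


class HjtEntry(NamedTuple):
    code: str    # HijackThis section, e.g. "O20"
    kind: str    # what the section lists, e.g. "Winlogon Notify" or "HKLM\..\Run"
    name: str    # the registered name, e.g. "winrkp32" or "AVG7_CC"
    target: str  # the rest: path, CLSID, URL, and any "(file missing)" mark


# Every result line starts with a section code such as R0, R1, F2, O2 ... O23.
_LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<rest>.+)$")
_RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<target>.*)$")   # O4 shape: [Name] command
_MISSING = ("(file missing)", "(no file)")

# Constructed sample using HijackThis 1.99.1 line shapes like those posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse the R/F/O result lines of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m["code"], m["rest"]
        kind, sep, body = rest.partition(": ")
        if not sep:                 # R lines: "<registry value> = <data>", no kind prefix
            kind, body = "", rest
        run = _RUN_RE.match(body)
        if run:                     # O4 lines: "[Name] command line"
            name, target = run["name"], run["target"]
        else:                       # everything else: "<name> - <clsid/vendor> - <file>"
            name, sep, target = body.partition(" - ")
            if not sep:
                name, target = "", body
        entries.append(HjtEntry(code, kind, name, target))
    return entries


def flag_entries(entries: List[HjtEntry]) -> List[Tuple[HjtEntry, List[str]]]:
    """Return (entry, reasons) for the entries a log reviewer looks at first:
    - O20 Winlogon Notify registrations (the DLL is loaded by winlogon.exe, so every
      one of them deserves a look), and
    - registrations whose file is gone, usually the trace of something removed."""
    flagged = []
    for e in entries:
        reasons = []
        if e.code == "O20":
            reasons.append("winlogon-notify")
        if any(mark in e.target for mark in _MISSING):
            reasons.append("missing-file")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code:<4} {entry.kind}: {entry.name} -> {', '.join(reasons)}")
```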
zippy1982
Newbie
29. March 2006 @ 08:22
Hi again!!
Below are the files you have asked for. I've suddenly in the last 24 hours or so started to lose Internet connection. This is not when browsing, but when I've either been away from the computer for a LONG time or when I re-start it. I have to disconnect the modem to re-boot and wait for a while.
Could this have anything to do with Zone Alarm or anything like that? I have just added two more computers to my wireless network, so that may be it. However they have Internet when I don't?!?!
Thanks!
Matt
Logfile of HijackThis v1.99.1
Scan saved at 19:14:25, on 29/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code...
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configur...
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
KASPERSKY:
File C:\WINDOWS\system32\npwext32.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\nv4vcs.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\!KillBox\netut80ex.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\16BE0B37.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\31415717.dll infected by "Trojan.Win32.VB.jo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159173.exe tagged as not-a-virus:AdWare.Win32.EZula.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159174.exe tagged as not-a-virus:AdWare.Win32.NavExcel.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159176.exe tagged as not-a-virus:AdWare.Win32.SaveNow.c. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159177.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159178.exe tagged as not-a-virus:AdWare.Win32.Exact.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159555.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159556.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159561.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159562.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159563.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159564.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159632.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159633.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159634.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159726.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159727.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159728.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159729.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159735.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1081\A0159979.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1082\A0159985.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1082\A0159993.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1082\A0160035.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160040.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160044.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160062.exe tagged as not-a-virus:AdWare.Win32.WinAD.b. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160063.dll tagged as not-a-virus:AdWare.Win32.WinAD.b. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160073.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160074.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160075.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160076.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160077.exe tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160078.vbs infected by "Trojan-Downloader.VBS.Small.f" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160079.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160081.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160082.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160084.exe tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160085.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160086.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160087.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.y. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160091.exe tagged as not-a-virus:AdWare.Win32.Xupiter.m. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160092.exe tagged as not-a-virus:AdWare.Win32.PowerScan.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160093.dll tagged as not-a-virus:AdWare.Win32.SideFind. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160094.dll tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160095.exe tagged as not-a-virus:AdWare.Win32.BlazeFind.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160096.dll tagged as not-a-virus:AdWare.Win32.BlazeFind.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160097.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160101.exe tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160102.exe tagged as not-a-virus:AdWare.Win32.BiSpy.f. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160103.exe tagged as not-a-virus:AdWare.Win32.180Solutions. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160105.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160106.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160107.exe tagged as not-a-virus:AdWare.Win32.BlazeFind.b. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160108.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160109.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160110.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160111.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160112.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160113.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160114.srg tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160115.dll tagged as not-a-virus:AdWare.Win32.BlazeFind.e. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160116.exe tagged as not-a-virus:AdWare.Win32.BlazeFind.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160117.dll tagged as not-a-virus:AdWare.Win32.BiSpy.m. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1084\A0160300.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1084\A0160305.exe tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1084\A0160306.EXE tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160771.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160772.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160775.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160776.dll infected by "Trojan.Win32.VB.jo" Virus. Action Taken: File Deleted.
File C:\WINDOWS\pss\OfficeTools.htaCommon Startup infected by "Trojan-Dropper.VBS.Inor.bt" Virus. Action Taken: File Deleted.
|
Senior Member
|
29. March 2006 @ 08:52 |
Link to this message
|
Ok, there were many malware programs in the system restore folder and eScan couldn't clean them.
Cleaning instructions:
Disable your system restore.
Instructions -> http://service1.symantec.com/support/tsgeninfo.nsf/docid/20011119...
Run a scan with eScan again. Post the results here.
Enable your system restore.
That ZoneAlarm problem:
Have you set the internet lock on from ZoneAlarm's settings?
I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.
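A small triage script for scan output in the format posted above, added here as an example (it is not the thread's or eScan's own code); the location rules it applies are its own assumptions, and its sample lines are constructed, with {GUID} standing in for the restore-point id.

```python
"""Triage of eScan/Kaspersky-style scan output like the results posted above.
Added example, not part of the original thread; sample lines are constructed
({GUID} stands in for the restore-point id) and the location rules are assumed."""
import re
from collections import Counter

# Scanner line shapes: a malware hit with an action taken, or a riskware tag with none.
INFECTED = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
                      r'Action Taken: (?P<action>.+?)\.$')
TAGGED = re.compile(r'^File (?P<path>.+?) tagged as (?P<name>\S+?)\. '
                    r'(?P<action>No Action Taken)\.$')

# Constructed sample covering each location class seen in the post.
SAMPLE = """\
File C:\\WINDOWS\\system32\\npwext32.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\\!KillBox\\netut80ex.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\\Program Files\\Norton AntiVirus\\Quarantine\\16BE0B37.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\\System Volume Information\\_restore{GUID}\\RP1083\\A0160078.vbs infected by "Trojan-Downloader.VBS.Small.f" Virus. Action Taken: File Deleted.
File C:\\System Volume Information\\_restore{GUID}\\RP1083\\A0160091.exe tagged as not-a-virus:AdWare.Win32.Xupiter.m. No Action Taken.
"""

def location(path):
    """Classify where a flagged file lives (assumed rules, not eScan's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"   # inert copy held by System Restore
    if "\\quarantine\\" in p:
        return "av quarantine"   # already isolated by the AV product
    if "\\!killbox\\" in p:
        return "killbox backup"  # backup kept by the removal tool
    return "live"                # an active location: the ones that matter

def parse_line(line):
    """Return a dict for a recognised finding, or None for any other line."""
    for kind, rx in (("malware", INFECTED), ("riskware", TAGGED)):
        m = rx.match(line.strip())
        if m:
            return dict(m.groupdict(), kind=kind, location=location(m["path"]))
    return None

def triage(text):
    """Summarise the output the way the helper read it: what is live and still
    unhandled, and whether restore points hold copies the scanner will not
    clean (the reason to disable System Restore and rescan)."""
    findings = [f for f in map(parse_line, text.splitlines()) if f]
    return {
        "findings": findings,
        "by_location": Counter(f["location"] for f in findings),
        "live_unhandled": [f for f in findings if f["location"] == "live"
                           and f["action"] == "No Action Taken"],
        "needs_restore_flush": any(f["location"] == "restore point" for f in findings),
    }

if __name__ == "__main__":
    print(triage(SAMPLE)["by_location"])
```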
|
zippy1982
Newbie
|
29. March 2006 @ 11:42 |
Link to this message
|
Hi again :o)
Only came back with this:
File C:\!KillBox\netut80ex.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
Matt
xx
|
Senior Member
|
29. March 2006 @ 17:46 |
Link to this message
|
Ok great, you are clean now.
You had a keylogger on your computer so I suggest that you change all your online passwords. (they log keystrokes)
That file eScan found is just a backup taken by Killbox.
You can delete the folder C:\!KillBox now.
Still having problems with connection?
This message has been edited since posting. Last time this message was edited on 29. March 2006 @ 17:49
|
zippy1982
Newbie
|
29. March 2006 @ 20:35 |
Link to this message
|
Many thanks for all your help. This is great news :o) I can't say how grateful I am to you!!
Yeah I am still having Internet problems. I think (and it's only a guess as it was a quick experiment and could have been coincidental) that it probably is Zone Alarm. I think it's got something to do with 'Internet Zone Security'. Should that be on High or Medium? On High it doesn't always seem to let me have access?!!?!
Matt
|
Senior Member
|
30. March 2006 @ 07:54 |
Link to this message
|
You're welcome =)
Internet zone security should be "High".
Check that internet lock isn't on:
->Open ZoneAlarm
->Program Control
->Main
->Automatic lock <----is this on or off?
If it is on, ZoneAlarm will automatically lock your internet if your computer isn't in use.
|
|