
Explorer script issue - HijackThis log included

Discussion in 'Virus & Other Malware Removal' started by beanofied, Jul 26, 2006.

Thread Status:
Not open for further replies.
  1. beanofied

    beanofied Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    5
    Hi, I've got issues with Explorer: error messages occur on startup, and then Windows (XP) shuts down automatically when it feels like it.

    HijackThis log -

    Logfile of HijackThis v1.99.1
    Scan saved at 16:43:39, on 26/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: 123WashAll BHO - {3D1B06AB-EF14-4FF9-871A-9B023FA28A7E} - C:\WINDOWS\System32\IEAdsFilter.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CIEPl Object - {606ECF46-37AE-4B83-A71B-0066B32FA62B} - C:\WINDOWS\System32\service.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {954B92FB-6479-40A7-AFA5-C0E057347FB7} - C:\WINDOWS\System32\abjmpiex.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: dwxjwyhf - C:\WINDOWS\SYSTEM32\dwxjwyhf.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mparrrmx - C:\WINDOWS\SYSTEM32\mparrrmx.dll
    O20 - Winlogon Notify: service - C:\WINDOWS\SYSTEM32\service.dll
    O20 - Winlogon Notify: sojdgwdt - C:\WINDOWS\SYSTEM32\sojdgwdt.dll
    O20 - Winlogon Notify: ugovdkag - C:\WINDOWS\SYSTEM32\ugovdkag.dll
    O20 - Winlogon Notify: xltvnhci - C:\WINDOWS\SYSTEM32\xltvnhci.dll
    O21 - SSODL: IEFilter - {31A08BD4-3E04-4569-BBBB-59D773ECD276} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but is still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  3. beanofied

    beanofied Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    5
    Hi, I finally got round to doing the suggested scans; here are the logs.

    'HI JACK THIS' LOG


    Logfile of HijackThis v1.99.1
    Scan saved at 21:33:33, on 10/08/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {100F22E0-4EC0-46EF-9C33-173CC3F93522} - C:\WINDOWS\System32\jsymucjo.dll
    O2 - BHO: 123WashAll BHO - {3D1B06AB-EF14-4FF9-871A-9B023FA28A7E} - C:\WINDOWS\System32\IEAdsFilter.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CIEPl Object - {606ECF46-37AE-4B83-A71B-0066B32FA62B} - C:\WINDOWS\System32\service.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {954B92FB-6479-40A7-AFA5-C0E057347FB7} - C:\WINDOWS\System32\uxnggxrx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\RunOnce: [Panda_cleaner_296073] C:\WINDOWS\System32\ActiveScan\pavdr.exe xPanda ActiveScan 296073
    O4 - HKLM\..\RunOnce: [Panda_cleaner_290716] C:\WINDOWS\System32\ActiveScan\pavdr.exe xPanda ActiveScan 290716
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program files\BitComet\BitComet.exe"
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: auamapid - C:\WINDOWS\SYSTEM32\auamapid.dll
    O20 - Winlogon Notify: dwxjwyhf - C:\WINDOWS\SYSTEM32\dwxjwyhf.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mparrrmx - C:\WINDOWS\SYSTEM32\mparrrmx.dll
    O20 - Winlogon Notify: nhayyalv - C:\WINDOWS\SYSTEM32\nhayyalv.dll
    O20 - Winlogon Notify: service - C:\WINDOWS\SYSTEM32\service.dll
    O20 - Winlogon Notify: sojdgwdt - C:\WINDOWS\SYSTEM32\sojdgwdt.dll
    O20 - Winlogon Notify: ugovdkag - C:\WINDOWS\SYSTEM32\ugovdkag.dll
    O20 - Winlogon Notify: woxkgbco - C:\WINDOWS\SYSTEM32\woxkgbco.dll
    O20 - Winlogon Notify: xltvnhci - C:\WINDOWS\SYSTEM32\xltvnhci.dll
    O20 - Winlogon Notify: yuxnbttc - C:\WINDOWS\SYSTEM32\yuxnbttc.dll
    O21 - SSODL: IEFilter - {31A08BD4-3E04-4569-BBBB-59D773ECD276} - C:\WINDOWS\system32\IEFilter.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:24:09 10/08/2006

    + Scan result:



    C:\WINDOWS\system32\IEFilter.dll -> Logger.Small.ez : No action taken.
    C:\C drive Desktop things\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.
    C:\Documents and Settings\Owner\My Documents\EvID4226Patch223d-en.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : No action taken.


    ::Report end
     
  4. beanofied

    beanofied Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    5
    ACTIVE PANDA SCAN REPORT



    Incident Status Location

     
  5. beanofied

    beanofied Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    5


    My thanks to anyone that may be able to help :)

    (Sorry about the excessive posting, character limit :s )
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please rerun Ewido and have it quarantine everything it finds.

    Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files; click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shut down your computer; click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
  7. beanofied

    beanofied Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    5
    VundoFix V5.1.7

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 19:36:28 11/08/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...




    Logfile of HijackThis v1.99.1
    Scan saved at 19:47:13, on 11/08/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {100F22E0-4EC0-46EF-9C33-173CC3F93522} - C:\WINDOWS\System32\draprqtk.dll
    O2 - BHO: 123WashAll BHO - {3D1B06AB-EF14-4FF9-871A-9B023FA28A7E} - C:\WINDOWS\System32\IEAdsFilter.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CIEPl Object - {606ECF46-37AE-4B83-A71B-0066B32FA62B} - C:\WINDOWS\System32\service.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {954B92FB-6479-40A7-AFA5-C0E057347FB7} - C:\WINDOWS\System32\draprqtk.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: auamapid - auamapid.dll (file missing)
    O20 - Winlogon Notify: axcdqreo - axcdqreo.dll (file missing)
    O20 - Winlogon Notify: dwxjwyhf - dwxjwyhf.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: mparrrmx - mparrrmx.dll (file missing)
    O20 - Winlogon Notify: nhayyalv - nhayyalv.dll (file missing)
    O20 - Winlogon Notify: service - C:\WINDOWS\SYSTEM32\service.dll
    O20 - Winlogon Notify: sojdgwdt - sojdgwdt.dll (file missing)
    O20 - Winlogon Notify: ugovdkag - ugovdkag.dll (file missing)
    O20 - Winlogon Notify: woxkgbco - woxkgbco.dll (file missing)
    O20 - Winlogon Notify: xltvnhci - xltvnhci.dll (file missing)
    O20 - Winlogon Notify: yuxnbttc - yuxnbttc.dll (file missing)
    O21 - SSODL: IEFilter - {31A08BD4-3E04-4569-BBBB-59D773ECD276} - C:\WINDOWS\system32\IEFilter.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet. We will use it later.

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits
    * Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new HijackThis log.
     
Short URL to this thread: https://techguy.org/486577