
need to remove trojan and others maybe?

Discussion in 'Virus & Other Malware Removal' started by heliocentric, Jan 21, 2006.

  1. heliocentric (Thread Starter)

    I seem to have a program called 'winupdates.exe' that loads whenever I start up Windows and uses all the CPU. How do I remove it? I may have other problems... here is my HJT log.

    Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 19:35:15, on 21/01/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Documents and Settings\Alex L\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
    O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15009/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15010/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
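A triage pass over a log like the one above, as an added example written for this page (not HijackThis' own code and not anything posted in the thread): it parses the R/O entry lines, pulls the executable out of each O4 autorun, and flags the patterns a helper checks first: empty IE settings, entries whose target file is missing, services with no vendor string, and an autorun whose name sounds like a Windows component but lives outside C:\WINDOWS. The heuristics, the trusted-directory list and the word list are the example's own assumptions; the sample lines are copied from the first log in the thread.

```python
"""Triage helper for HijackThis (HJT) v1.99 log lines.

Added example for this thread, not code from HijackThis or from anyone in it.
It parses the R/O entry lines seen in the log above and flags the entries a
helper looks at first. The heuristics and directory lists are the example's
own assumptions: they are hints for a human reviewer, not verdicts.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind body raw")
Finding = namedtuple("Finding", "kind raw reasons")

# Constructed excerpt: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "R0 - ...", "O4 - ...": the section code, then the body of the entry.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# O4 registry autoruns: HKLM\..\Run: [name] command ; O4 startup-folder shortcuts: name.lnk = path
O4_RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_LNK_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<cmd>.+)$")

# Assumed roots under which this machine's legitimate autoruns live (lower-case prefixes).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumed words that make an autorun sound like an OS or update component.
SYSTEM_WORDS = ("update", "windows", "svchost", "system32")


def parse_hjt(text):
    """Return one Entry per 'Rn - ...' / 'On - ...' line; everything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"], line.strip()))
    return entries


def image_path(cmd):
    """Extract the executable path from an HJT command string.

    Quoted paths end at the closing quote.  Unquoted paths may contain spaces
    ("C:\\Program Files\\x\\y.exe /auto"), so take up to the first '.exe'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(text):
    """Return a Finding for every entry that trips at least one heuristic."""
    findings = []
    for e in parse_hjt(text):
        reasons = []
        if "(file missing)" in e.body or "(no file)" in e.body:
            reasons.append("orphaned reference: target file is missing")
        if e.kind in ("R0", "R1") and e.body.rstrip().endswith("="):
            reasons.append("empty Internet Explorer setting")
        if e.kind == "O4":
            m = O4_RUN_RE.match(e.body) or O4_LNK_RE.match(e.body)
            if m:
                path = image_path(m["cmd"])
                low = path.lower()
                if not low.startswith(TRUSTED_ROOTS):
                    reasons.append("autorun from unusual location: " + path)
                label = (m["name"] + " " + path).lower()
                if any(w in label for w in SYSTEM_WORDS) and not low.startswith("c:\\windows\\"):
                    reasons.append("system-sounding name but not under C:\\WINDOWS: " + path)
        if e.kind == "O23" and "Unknown owner" in e.body:
            reasons.append("service with no vendor string (verify manually)")
        if reasons:
            findings.append(Finding(e.kind, e.raw, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.raw}")
        for r in f.reasons:
            print("    ->", r)
```

Running it on the sample leaves the Zone Labs, ctfmon and vsmon entries unflagged and reports the two empty/missing-file items, the SvcProc service and the winupdates autorun, which is exactly the set a reviewer would want to look at before touching anything else.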
     
  2. Cookiegal (Administrator, Malware Specialist Coordinator)

    Hi and welcome to TSG,

    Download Cleanup from Here
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET


    Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update; click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    Click here for info on how to boot to safe mode if you don't already know how.


    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    Restart your computer into safe mode now. Perform the following steps in safe mode:


    Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop



    Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it’s done, close the program.


    Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Restart back into Windows normally now.


    Do a Panda Active Scan. Be sure to save the log it creates.


    Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.
     
  3. heliocentric (Thread Starter)

    Thanks for the advice! I will do this later tonight and get back to you.
     
  4. Cookiegal (Administrator, Malware Specialist Coordinator)

    That's fine. :)
     
  5. heliocentric (Thread Starter)

    OK, I ran Cleanup and tried to run Ewido but it was taking so long I gave up (20 mins for just 1%!)...

    I removed the winupdate exe from the startup; it seems to have helped. Here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:29:30, on 22/01/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Notepad.exe
    C:\my programs\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
    O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15009/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15010/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  6. heliocentric (Thread Starter)

    And here's the Active Scan log... it seemed to remove a lot of viruses!


    Incident Status Location

    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Alex L\Application Data\Mozilla\Firefox\Profiles\36xdf32b.Default User\cookies.txt[]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alex L\Application Data\Mozilla\Firefox\Profiles\bss9r1ct.default\cookies.txt[]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\0DayDB Script.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\3DMark06 Build 1.0.2.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\AcdSee 7.0.43 PowerPack.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\AceHTML 6.01.3.Pro.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Adobe Audition 1.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Adobe PageMaker 7.0.1.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\AntiTracer 1.3.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\AnyDVD 3.9.1.1.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Black And White.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\BubbleDiff 2.1.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\CDMenuPro 4.00.09.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Cerberus FTP Server 2.2.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Circuitmaker 2000.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\CloneDVD 3.0.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Color Impact 2.7.0.363.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Cookie Remover Platinum 2004 1.0.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Corel DRAW Graphics Suite 12.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Crazy Talk 4.0 Media Studio.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Dr.DivX 1.0.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Duran Duran - Live in London (DVD 2006) - Pop.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\DVD Region-CSS Free 5.58.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\DVD X Player Professional 3.0.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\DVDIdle Pro 5.58.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Extensis Photo Frame 2.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\FlashFXP 3.3.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Football Manager 2006.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Full Video Converter 2.8.9.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Ice Age.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Intelore Matrix Reality 3D Screensaver.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Internet Download Manager 4.02.3.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Internet Explorer Beta 2 (Build 5299).zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Internet ScreenSaver Builder 5.10.040901.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\IP-Tools 2.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\IpInterceptor 2.1.9.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\J.River Media Center 11.0.283.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Kerio WinRoute Firewall 6.1.4.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\LiteMail 2.41.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Magic Utilities 2004 3.20.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\MedianSoft Joiner-Converter 2.7.1.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\MemoriesOnTV 2.1.7.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Munich (2006) - Soundtrack.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Nero Media Player 1.4.0.25.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\NeroMix 1.4.0.25.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\No One Lives Forever.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\No1 Video Converter 3.4.7.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Opera 7.60 Preview 2.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Panda Platinum Internet Security 2004.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\PC Cillin Internet Security 2005 12.0.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Photosketch 1.0.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Queen - A Night at the Opera ROCK.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\QuickTime Pro 6.5.2.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Rapidshare leecher 4.4.87.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Recover My Files 2.53.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Recover My Files 3.9.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Registry Mechanic 3.0.2.36.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Registry Rescue 1.10.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Rollercoaster Tycoon 3.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\SearchMaestro 1.1.0.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Serv-U 5.1 Corporate.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Shrek 2.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\SiSoftware Sandra Professional Unicode SR2a.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Splinter Cell Chaos Theory.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Spy Cleaner Pro 8.0.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Startup Organizer 2.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Super Video Converter 1.3.3.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Sway - This Is My Demo (Promo 2006) - Hip Hop.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Symantec Norton AntiSpam 2004.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Toto - Falling In Between (2006) - Rock.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Trash It 1.80.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\VA - Big Mike - The Big Boy Game Vol.9 (2005) - Hip Hop.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\VA - Chill House Volume 12 (2005) - Lo-Fi.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\VA - Club Hits Vol.13 (2005) - Club - CD1 CD2.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\VA - Estoy Por Ti (2005) - Pop.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected
     
  7. heliocentric (Thread Starter)

    CONT...

    C:\Documents and Settings\Alex L\Complete\VA - Giga Hits Zima (2006) - Dance.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\VideoCharge 2.3.2.22.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Virtual CD 6.0.0.5.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\Web Cache Illuminator 4.6.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\WebPosition Pro 4.0.753.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\WinDVD Platinum 6.0.6.56.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\WinRAR Crystal Special.zip[Setup.exe]
    Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Alex L\Complete\XoftSpy 3.44.zip[Setup.exe]
    Adware:Adware/MediaTickets Not disinfected C:\eied_s7.cab
    Adware:Adware/MediaTickets Not disinfected C:\eied_s7.cab[eied_s7_c_77.exe]
    Adware:Adware/MediaTickets Not disinfected C:\eied_s7.cab[eied.inf]
    Virus:W32/Alcan.A.worm Disinfected C:\Program Files\winupdates\a.zip[Setup.exe]
    Adware:Adware/Aurora Not disinfected C:\WINDOWS\system32\kivbih.exe
    Adware:Adware/Aurora Not disinfected C:\WINDOWS\system32\ogxrrh.exe
    Adware:Adware/Aurora Not disinfected C:\WINDOWS\system32\vnwwgvd.exe
    Adware:Adware/Aurora Not disinfected C:\WINDOWS\system32\vssdjuh.exe
    Adware:Adware/Aurora Not disinfected C:\WINDOWS\system32\vtvmfc.exe
     
  8. Cookiegal (Administrator, Malware Specialist Coordinator)

    Click Here and download Killbox and save it to your desktop but don’t run it yet.


    Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


    Then boot to safe mode:


    How to restart to safe mode


    Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      C:\eied_s7.cab

      C:\eied_s7_c_77.exe

      C:\eied.inf

      C:\WINDOWS\system32\kivbih.exe

      C:\WINDOWS\system32\ogxrrh.exe

      C:\WINDOWS\system32\vnwwgvd.exe

      C:\WINDOWS\system32\vssdjuh.exe

      C:\WINDOWS\system32\vtvmfc.exe


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confirmation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Next in Killbox go to Tools > Delete Temp Files
    • In the window that pops up, put a check by ALL the options there except these three:
      • XP Prefetch
      • Recent
      • History
    • Now click the Delete Selected Temp Files button.
    • Exit the Killbox.


    Boot back to Windows normally and post another HijackThis log please.

    Also, please run another Panda scan and post the results as well.
     
  9. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    OK, I followed your instructions! Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:02:33, on 23/01/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\my programs\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
    O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su-newocx/ocx/15009/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su-newocx/ocx/15010/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    And here's the Panda scan... it still seemed to find some problems.

    Incident Status Location

    Adware:Adware/Aurora Not disinfected C:\!KillBox\kivbih.exe
    Adware:Adware/Aurora Not disinfected C:\!KillBox\ogxrrh.exe
    Adware:Adware/Aurora Not disinfected C:\!KillBox\vnwwgvd.exe
    Adware:Adware/Aurora Not disinfected C:\!KillBox\vssdjuh.exe
    Adware:Adware/Aurora Not disinfected C:\!KillBox\vtvmfc.exe
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Alex L\Application Data\Mozilla\Firefox\Profiles\36xdf32b.Default User\cookies.txt[]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alex L\Application Data\Mozilla\Firefox\Profiles\bss9r1ct.default\cookies.txt[]
     
  10. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    What should I do next?

    P.S. I am finding it very hard to scan using the Panda scan because my computer shuts down halfway through because of the high CPU usage; I have mentioned this in another thread in the Windows section.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    Boot to safe mode.


    • Double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\WINDOWS\system32\CMD.COM

      C:\WINDOWS\system32\netstat.com

      C:\WINDOWS\system32\ping.com

      C:\WINDOWS\system32\regedit.com

      C:\WINDOWS\system32\tasklist.com

      C:\WINDOWS\system32\taskkill.com

      C:\WINDOWS\system32\taskmgr.com

      C:\WINDOWS\system32\tracert.com


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it

    Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.


    Reboot and let me know if things have improved.
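The .com files in the list above carry the names of standard command-line tools. As an added example that is not part of the thread, the following Python check flags .com files in a directory listing that would run in place of a same-named .exe, because the default PATHEXT tries .COM before .EXE; the directory listing and the watched-tool set are constructed for the demonstration.

```python
"""Flag .com files that would run in place of a same-named .exe tool.

Added example, not from the thread. Windows tries PATHEXT extensions in
order and the default order lists .COM before .EXE, so a rogue
system32\\netstat.com runs instead of netstat.exe when a user types
"netstat". The listing and watched names below are constructed.
"""
from pathlib import PureWindowsPath

DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"

# Tool stems from the thread's file list; regedit.exe lives in %WINDIR%
# rather than system32, so it must be matched by name, not by .exe twin.
WATCHED_TOOLS = {"cmd", "netstat", "ping", "regedit", "tasklist",
                 "taskkill", "taskmgr", "tracert"}

# Constructed system32 listing: genuine tools, the .com companions from
# the thread, and two legitimate old .com programs (win.com, format.com).
SAMPLE_LISTING = [
    "cmd.exe", "CMD.COM", "netstat.exe", "netstat.com", "ping.exe",
    "ping.com", "regedit.com", "tasklist.exe", "tasklist.com",
    "taskkill.exe", "taskmgr.exe", "tracert.exe", "tracert.com",
    "win.com", "format.com", "notepad.exe",
]


def com_precedes_exe(pathext=DEFAULT_PATHEXT):
    """True when PATHEXT makes a .com win over a .exe of the same stem."""
    exts = [e.strip().lower() for e in pathext.split(";") if e.strip()]
    return (".com" in exts and ".exe" in exts
            and exts.index(".com") < exts.index(".exe"))


def shadowing_companions(listing, watched=WATCHED_TOOLS, pathext=DEFAULT_PATHEXT):
    """Sorted stems of .com files that would shadow a tool: flagged when a
    .exe twin sits in the same directory or the stem is a watched name."""
    if not com_precedes_exe(pathext):
        return []
    by_stem = {}
    for name in listing:
        p = PureWindowsPath(name)
        by_stem.setdefault(p.stem.lower(), set()).add(p.suffix.lower())
    return sorted(stem for stem, sfx in by_stem.items()
                  if ".com" in sfx and (".exe" in sfx or stem in watched))


if __name__ == "__main__":
    for stem in shadowing_companions(SAMPLE_LISTING):
        print(f"suspicious: {stem}.com would run in place of {stem}.exe")
```

On a live system the listing would come from os.listdir() of the directory in question; legitimate .com programs that are neither watched names nor paired with a .exe twin are left alone.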
     
  12. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    I followed your instructions but Killbox didn't find any of those files...

    Do I need to remove the files that have been put in the Killbox folder using Killbox? The Panda scan still detected them as a threat...

    Thanks a lot.
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,048
    You can delete the folder C:\!KillBox

    How are things running now?
     
  14. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
    Things seem to be running well, thanks. I ran another Panda scan; here's the report:


    Incident Status Location

    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Alex L\Application Data\Mozilla\Firefox\Profiles\36xdf32b.Default User\cookies.txt[]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alex L\Application Data\Mozilla\Firefox\Profiles\bss9r1ct.default\cookies.txt[]

    ----------------------------------------------------------------------------------

    What can I do about these?

    Thanks a lot.
     
  15. heliocentric

    heliocentric Thread Starter

    Joined:
    Jan 16, 2006
    Messages:
    71
Short URL to this thread: https://techguy.org/436013