Netsky P - Slow Running Boot Up

Discussion in 'Virus & Other Malware Removal' started by cfm1, Dec 4, 2005.

  1. cfm1

    cfm1 Thread Starter

    Joined:
    Dec 4, 2005
    Messages:
    5
    First of all, thank you in advance for anyone responding to this post. I am very grateful for your help!

    I have a Dell Latitude 200X machine running Windows XP. About a month ago, I got the Netsky P virus. Although I have an updated Norton Antivirus program running, and I was able to quarantine the virus, my machine has been VERY slow to boot up ever since then.

    I have already downloaded Spybot Search and Destroy, Spyware Blaster, and Ad-aware, and run them. After doing so, I get the Hijack This log posted below. Could someone please tell me what I should delete to get my machine to run faster? Thank you!

    Logfile of HijackThis v1.99.1
    Scan saved at 7:54:42 AM, on 12/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Carol\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/?u
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121227097277
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,939
    Hi and welcome to TSG,


    Download Cleanup from Here
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on the Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET


    Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update; click the OK button and it will go to the main screen.
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    Click here for info on how to boot to safe mode if you don't already know how.


    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    Restart your computer into safe mode now. Perform the following steps in safe mode:


    Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop



    Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.


    Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Restart back into Windows normally now.


    Do a Panda Active Scan. Be sure to save the log it creates.


    Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.
     
  3. cfm1

    Dear CookieGal,

    Thank you for responding to my post this morning. I've almost completed your instructions (the scans took a long time.) Ewido came up clean, but I'm concerned about ActiveScan. It has found 34 viruses so far, but it is now stuck at "406299 Files scanned C:\WINDOWS\_DEFAULT.PIF" and I am getting a popup asking me to choose a user profile (the default is Outlook.) Is it okay to choose this profile? I normally use Firefox as my browser, and I'm concerned that if I authorize an Outlook profile, it will do something to my ability to get my e-mail, etc. from Thunderbird. And what should I do when the Panda scan is completed? Should I take any action, or just post the results to this site?

    Looking forward to your answer...

    cfm1

    P.S. - Your dog is adorable! Is that a Pomeranian?
     
  4. Cookiegal

    When you get that message about Outlook, just click on cancel and the scan will continue. Once it has terminated, you can save the log and post it here please.


    Thanks for the comment about my dog. Lady was part Spitz (which is similar to a Pomeranian only larger) and part Shetland. She is no longer with me and I still miss her.
     
  5. cfm1

    Dear Cookiegal,

    I hope you're still around - sorry it took me so long to do this. Here are the log files you requested. The Panda one really scares me - is this the program I should be using for security instead of Norton, or is this just a way of getting me to buy the program?

    Thanks for your advice,

    Carol

    Ewido:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 11:58:44 AM, 12/4/2005
    + Report-Checksum: E9F5165

    + Scan result:

    No infected objects found.


    ::Report End

    Panda:

    Incident Status Location

    Virus:Trj/Citifraud.A Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\ImapMail\imap.csuhayward.edu\INBOX[~0001770.~]
    Virus:Trj/Mitglieder.DQ Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\ImapMail\imap.csuhayward.edu\INBOX[f22-013.exe]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[my_list01.pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[~0001222.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[message.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[document.txt .exe]
    Virus:Trj/Mitglieder.EW Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[text.exe]
    Virus:Trj/Mitglieder.EW Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[price_20.exe]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[my_numbers_cfm1.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[details.txt .pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[~0008153.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[message.scr]
    Virus:W32/Sober.Y.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[PW_Klass.Pic.packed-bitmap.exe]
    Virus:Trj/Mitglieder.FN Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[1.exe]
    Virus:Bck/Ryknos.B Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[article_december_3967.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.D Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.C Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[File-packed_dataInfo.exe]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0001222.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[details.pif]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[details.txt .pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0019864.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0028198.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[document.txt .exe]
    Virus:Trj/Mitglieder.EW Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[price_20.exe]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[details.txt .pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0034183.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:Trj/Mitglieder.FN Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[1.exe]
    Virus:Bck/Ryknos.B Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[article_december_3967.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.D Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.C Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[File-packed_dataInfo.exe]
    Virus:Bck/Ryknos.B Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Trash[article_december_3967.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Trash[File-packed_dataInfo.exe]
    Virus:Exploit/ObjectData Not disinfected C:\Program Files\Netscape\Users\2004\Mail\Inbox[~0000765.~]
    Virus:Exploit/ObjectData Not disinfected C:\Program Files\Netscape\Users\2004\Mail\Trash[~0000743.~]


    Hijack This:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:59:15 PM, on 12/7/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\BRSPL01A.EXE
    C:\Documents and Settings\Carol\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.dell.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -

    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton

    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program

    Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject

    Launcher V1\CDEJECT.EXE"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD

    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ADUserMon] C:\Program

    Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program

    Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe

    /IMGSTART
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

    -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

    C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23

    "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program

    Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program

    Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

    - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

    - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

    Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb

    _site.cab?1121227097277
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl

    Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

    Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

    C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision -

    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation

    - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program

    Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation -

    C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -

    C:\WINDOWS\runservice.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec

    Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -

    Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

    AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) -

    Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
     
  6. Cookiegal

    The HijackThis log is difficult to read. Please post it again and be sure that in Notepad, "word wrap" is checked under "format".
     
  7. cfm1

    Dear Cookiegal,

    Sorry for the last post. I hope this one will be better for you.

    Carol
    cfm1

    Logfile of HijackThis v1.99.1
    Scan saved at 1:59:15 PM, on 12/7/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\BRSPL01A.EXE
    C:\Documents and Settings\Carol\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121227097277
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,939
    Clear out your Thunderbird Trash and Junk folders and then run another Panda scan and post the results please.
     
  9. cfm1

    cfm1 Thread Starter

    Joined:
    Dec 4, 2005
    Messages:
    5
    I deleted the junk and trash, then ran Clean Up, Panda, and Hijack This (just in case). Results are below - it still looks like Panda is finding a lot of things in the Junk folders - I don't know why unless it has something to do with the Quarantine function in Norton AntiVirus.

    Hijack This:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:17:41 PM, on 12/8/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Carol\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [CD-Eject Launcher V1] "C:\Program Files\CD-Eject Launcher V1\CDEJECT.EXE"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"
    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121227097277
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    Panda

    Incident Status Location

    Virus:Trj/Citifraud.A Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\ImapMail\imap.csuhayward.edu\INBOX[~0001770.~]
    Virus:Trj/Mitglieder.DQ Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\ImapMail\imap.csuhayward.edu\INBOX[f22-013.exe]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[my_list01.pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[~0001222.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[message.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[document.txt .exe]
    Virus:Trj/Mitglieder.EW Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[text.exe]
    Virus:Trj/Mitglieder.EW Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[price_20.exe]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[my_numbers_cfm1.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[details.txt .pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[~0008153.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[message.scr]
    Virus:W32/Sober.Y.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[PW_Klass.Pic.packed-bitmap.exe]
    Virus:Trj/Mitglieder.FN Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[1.exe]
    Virus:Bck/Ryknos.B Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[article_december_3967.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.D Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.C Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Inbox[File-packed_dataInfo.exe]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0001222.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[details.pif]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[details.txt .pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0019864.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0028198.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[document.txt .exe]
    Virus:Trj/Mitglieder.EW Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[price_20.exe]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[details.txt .pif]
    Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[~0034183.~]
    Virus:W32/Netsky.P.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[message.scr]
    Virus:Trj/Mitglieder.FN Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[1.exe]
    Virus:Bck/Ryknos.B Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[article_december_3967.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.D Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[File-packed_dataInfo.exe]
    Virus:Bck/Breplibot.C Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[Photo and Article.exe]
    Virus:W32/Sober.AH.worm Not disinfected C:\Documents and Settings\Carol\Application Data\Thunderbird\Profiles\default\z29zr1go.slt\Mail\pop3.concentric.net\Junk[File-packed_dataInfo.exe]
    Virus:Exploit/ObjectData Not disinfected C:\Program Files\Netscape\Users\2004\Mail\Inbox[~0000765.~]
    Virus:Exploit/ObjectData Not disinfected C:\Program Files\Netscape\Users\2004\Mail\Trash[~0000743.~]
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,939
    Do these on-line virus scans:

    Housecall


    Kaspersky

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
    • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
     

Short URL to this thread: https://techguy.org/422281
