1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: popcorn net

Discussion in 'Virus & Other Malware Removal' started by mcgregor, Jul 21, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    :( i keep on gettin popcon net pop ups. i have run norton antivur, adaware, windows defender. now i have run hijack this and have a log file. can anyone help.
     

    Attached Files:

  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi mcgregor

    Welcome to TSG! :)

    I'm pasting your HJT log in the thread for easier viewing. I'll go through it and post my recommendations shortly.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:26:03, on 21/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\License_Manager\license_manager.exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Documents and Settings\mcg\Desktop\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: UltraBar - {A735E796-6ED4-4987-80E5-15B74020D978} - C:\PROGRA~1\ENGAGE~1\ultrabar.dll
    O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} - https://tesco.autoregister.net/tesco/NTLSignup.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17af23588f623b828b16/netzip/RdxIE601.cab
    O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/goodthinxx.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.*****harem.com/stream/mmp.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://F:\system\intralaunch.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E44151C8-0C6C-4A7D-B677-4FCC9552E957} - http://www.bcnx.com/suninfoconnect-lo.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mcgregor
    O17 - HKLM\Software\..\Telephony: DomainName = mcgregor
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D811459B-0528-432A-A7BE-DAE53ED98FFB}: NameServer = 80.225.255.50 80.225.255.58
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mcgregor
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
     
  4. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    (y)
     

    Attached Files:

  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Please copy and paste your logs in the future. It is much easier to go theough them on the board.

    3dmaze
    ABBYY FineReader 5.0 Sprint
    Ad-aware 6 Professional
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 5.0
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 6.0.1
    Adobe Stock Photos 1.0
    ArcSoft Camera Suite
    Avance AC'97 Audio
    Bricks '2000
    CardRd81
    CC_ccProxyExt
    ccCommon
    CCleaner (remove only)
    ccPxyCore
    CDBurnerXP Pro 3
    CR2
    DiskRedactor
    DivX
    DivX Player
    DivX Web Player
    Dorling Kindersley Application Database v1.4
    Easy Webscan
    Engagepoint
    ESSPDock
    FaxTools
    Google Earth
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    HLPPDOCK
    Human Body Explorer
    Informations about your PC
    iSnooker
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 6
    Jump Ahead 2000 Year 1 v2.4
    Jump Ahead Starting School 2000 v2.0
    KSU
    Learning Ladder 1-2
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    [email protected]
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard - WE 2002
    Microsoft Money
    Microsoft Money System Pack
    Microsoft Office XP Professional with FrontPage
    Microsoft Picture It! Photo 2002
    Microsoft Windows Journal Viewer
    Microsoft Word 2002
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    MSN Messenger 7.5
    MSN Toolbar
    MSRedist
    Music Manager
    Necrodome Shareware
    Norton AntiSpam
    Norton AntiSpam
    Norton AntiVirus 2006
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    Norton WMI Update
    Norton WMI Update
    NVIDIA Display Driver
    PowerDVD
    PowerVCR II
    PrintMaster Gold 3.00
    QuickTime
    SAGEM [email protected] 800-840
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    SFR
    Skype 2.0
    SPBBC
    Trust Easy Webscan 19200
    upapp
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    VideoCAM Trek
    Windows Backup Utility
    Windows Defender
    Windows Defender Signatures
    Windows Installer 3.1 (KB893803)
    Windows Media Connect
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip
    World Explorer
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Click here to download ATF Cleaner by Atribune and save it to your desktop.


    * Click Here and download Killbox and save it to your desktop.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


    ** Before you proceed with the removal directions below you need to turn off Windows Defender's realtime protection as it will interfere with the changes we are trying to make.

    • Open Windows Defender and click on Tools > General Settings.
    • Scroll down and remove the check by "Turn on realtime protection (recommended)".
    • Click "Save"
    • Restart your computer.
    • Leave it disabled until we are finished here.


    * Go to Add/Remove programs and uninstall these:

    Engagepoint
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 6



    * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O3 - Toolbar: UltraBar - {A735E796-6ED4-4987-80E5-15B74020D978} - C:\PROGRA~1\ENGAGE~1\ultrabar.dll

    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent

    O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17af23588f623b828b16/netzip/RdxIE601.cab

    O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/goodthinxx.cab

    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.*****harem.com/stream/mmp.cab



    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      C:\Program Files\ENGAGE~1

      C:\Program Files\AdwareAlert

      C:\Program Files\License_Manager


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confimation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Exit the Killbox.

    * Run ATF Cleaner:
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
          [*]NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    * Restart back into Windows normally now.


    * Now go here and install the latest version of Java.


    * Run ActiveScan online virus scan here

    When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from ActiveScan
     
  7. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    i could not see 03-toolbar;ultrabar-[a735e796-6ed4-4987-80e5-15b74020d978
    C:\PROGRA~1\ENGAGE~1\ultra bar in hijack this. i continued anway. i have completed ever thing you told me to. hijack this log.
    Scan saved at 12:48:39, on 22/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\mcg\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} - https://tesco.autoregister.net/tesco/NTLSignup.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://F:\system\intralaunch.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E44151C8-0C6C-4A7D-B677-4FCC9552E957} - http://www.bcnx.com/suninfoconnect-lo.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mcgregor
    O17 - HKLM\Software\..\Telephony: DomainName = mcgregor
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D811459B-0528-432A-A7BE-DAE53ED98FFB}: NameServer = 80.225.255.50 80.225.255.58
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mcgregor
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    activescan results

    Adware:adware/navhelper Not disinfected c:\program files\NavExcel
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    Potentially unwanted tool:application/mediapipe Not disinfected hkey_classes_root\clsid\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
    Adware:adware/fastvideoplayer Not disinfected Windows Registry
    Adware:adware/weirdontheweb Not disinfected Windows Registry
    Potentially unwanted tool:application/funweb Not disinfected HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
    Potentially unwanted tool:Application/MediaPipe Not disinfected C:\!KillBox\License_Manager\license_manager.exe
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\mcg\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mcg\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\mcg\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/MediaPipe Not disinfected C:\WINDOWS\system32\Access.dll
    Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\CSLOA(2).DLL
    Potentially unwanted tool:Application/MediaPipe Not disinfected C:\WINDOWS\system32\entry.dll
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

    * I am attaching a fix.zip file to this post. Download it and save it to your desktop. Unzip it to extract the fix.reg file it contains.

    Doubleclick on the fix.reg file to add it to the registry. Answer yes to confirm the merge.


    * Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Double-click on Killbox.exe to run it.
    • Put a tick by Standard File Kill.
    • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

      c:\program files\NavExcel

      C:\WINDOWS\system32\Access.dll

      C:\WINDOWS\system32\CSLOA(2).DLL

      C:\WINDOWS\system32\entry.dll


    • Click on the button that has the red circle with the X in the middle after you enter each file.
    • It will ask for confimation to delete the file.
    • Click Yes.
    • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    • Killbox may tell you that one or more files do not exist.
    • If that happens, just continue on with all the files. Be sure you don't miss any.
    • Exit the Killbox.


    * Restart back into Windows normally now.


    * Run Kaspersky online virus scan here.

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from Kaspersky scan
     

    Attached Files:

    • fix.zip
      File size:
      265 bytes
      Views:
      14
  9. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    hi done all that fine.kaspery KASPERSKY ONLINE SCANNER REPORT
    Saturday, July 22, 2006 8:25:36 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 22/07/2006
    Kaspersky Anti-Virus database records: 209221


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics
    Total number of scanned objects 52031
    Number of viruses found 6
    Number of infected objects 14 / 0
    Number of suspicious objects 0
    Duration of the scan process 01:16:56

    Infected Object Name Virus Name Last Action
    C:\!KillBox\Access.dll Infected: Trojan.Win32.Agent.qg skipped

    C:\!KillBox\entry.dll Infected: Trojan.Win32.Agent.qg skipped

    C:\!KillBox\License_Manager\license_manager.exe Infected: not-a-virus:AdWare.Win32.WeirWeb.e skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d65b1f830a114ab330887cff9f40022_aa853bb6-5c91-4685-826a-75a59f87b710 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07212006-194900.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-07-22_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\mcg\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

    C:\Documents and Settings\mcg\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\mcg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\mcg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\mcg\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CB26D28D-6A33-4B9D-9007-3126F6981F0F} Object is locked skipped

    C:\Documents and Settings\mcg\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\mcg\Local Settings\History\History.IE5\MSHist012006072220060723\index.dat Object is locked skipped

    C:\Documents and Settings\mcg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\mcg\ntuser.dat Object is locked skipped

    C:\Documents and Settings\mcg\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

    C:\Program Files\NetGuide\BHO\NG_Remover.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Small.alx skipped

    C:\Program Files\NetGuide\BHO\NG_Remover.exe/data0002 Infected: Trojan-Downloader.Win32.Small.alx skipped

    C:\Program Files\NetGuide\BHO\NG_Remover.exe NSIS: infected - 2 skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0102NAV~.TMP Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0718NAV~.TMP Object is locked skipped

    C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped

    C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped

    C:\System Volume Information\catalog.wci\00010013.ci Object is locked skipped

    C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

    C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

    C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

    C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

    C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP54\A0011430.exe/data0002 Infected: Trojan.Win32.Agent.qg skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP54\A0011430.exe NSIS: infected - 1 skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP67\A0015116.dll Infected: not-a-virus:AdWare.Win32.UltraBar.a skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP69\A0015334.exe Infected: not-a-virus:AdWare.Win32.WeirWeb.e skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015417.dll Infected: Trojan.Win32.Agent.qg skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015419.dll Infected: Trojan.Win32.Agent.qg skipped

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP73\change.log Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833330$\Blastcln\blastcln.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833998$\xpsp2res.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Prefetch\layout.ini Object is locked skipped

    C:\WINDOWS\s4Setp.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\askbarAB.dll Infected: not-a-virus:AdWare.Win32.AskBar.a skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_130.dat Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\74921806870bbf60cee1dc3f6f\sp2\spmsg.dll Object is locked skipped

    D:\74921806870bbf60cee1dc3f6f\sp2\spuninst.exe Object is locked skipped

    D:\74921806870bbf60cee1dc3f6f\sp2\update\eula.txt Object is locked skipped

    D:\74921806870bbf60cee1dc3f6f\sp2\update\spcustom.dll Object is locked skipped

    D:\74921806870bbf60cee1dc3f6f\sp2\update\update.exe Object is locked skipped

    D:\ac3d92d4f48bf616dc2ca0a174\sp2\spmsg.dll Object is locked skipped

    D:\ac3d92d4f48bf616dc2ca0a174\sp2\spuninst.exe Object is locked skipped

    D:\ac3d92d4f48bf616dc2ca0a174\sp2\update\eula.txt Object is locked skipped

    D:\ac3d92d4f48bf616dc2ca0a174\sp2\update\spcustom.dll Object is locked skipped

    D:\ac3d92d4f48bf616dc2ca0a174\sp2\update\update.exe Object is locked skipped

    D:\e2c00c7049df87d17b17ca\encdec.dll Object is locked skipped

    D:\e2c00c7049df87d17b17ca\sbe.dll Object is locked skipped

    D:\e2c00c7049df87d17b17ca\spmsg.dll Object is locked skipped

    D:\e2c00c7049df87d17b17ca\spuninst.exe Object is locked skipped

    D:\e2c00c7049df87d17b17ca\update\kb810243.cat Object is locked skipped

    D:\e2c00c7049df87d17b17ca\update\update.exe Object is locked skipped

    D:\e2c00c7049df87d17b17ca\update\update.inf Object is locked skipped

    D:\e2c00c7049df87d17b17ca\update\update.ver Object is locked skipped

    D:\e2c00c7049df87d17b17ca\update\verifmce.dll Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  10. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    Logfile of HijackThis v1.99.1
    Scan saved at 20:30:04, on 22/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\mcg\My Documents\New Briefcase\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O3 - Toolbar: Ask Jeeves Bar - {43D9E6F0-1776-4897-AE14-ECEDECBAFEC0} - C:\WINDOWS\System32\askbarAB.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} - https://tesco.autoregister.net/tesco/NTLSignup.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://F:\system\intralaunch.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E44151C8-0C6C-4A7D-B677-4FCC9552E957} - http://www.bcnx.com/suninfoconnect-lo.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mcgregor
    O17 - HKLM\Software\..\Telephony: DomainName = mcgregor
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D811459B-0528-432A-A7BE-DAE53ED98FFB}: NameServer = 80.225.255.50 80.225.255.58
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mcgregor
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    thankm u (y) (y)
     
  11. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Double-click on Killbox.exe to run it.
    • Put a tick by Delete on Reboot.
    • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      Code:
      C:\Program Files\NetGuide\BHO\NG_Remover.exe
      C:\WINDOWS\s4Setp.exe
    • Next in Killbox go to File > Paste from clipboard
    • Click on the All Files button.
    • Next click on the button that has the red circle with the white X in the middle.
    • It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now.
    • Click Yes and let the computer reboot.
    * After it reboots, go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

    Note: You have to use Internet Explorer to do the online scan.

    Note: The Kaspersky scan als flagged the C:\WINDOWS\system32\askbarAB.dll file as adware. That is part of the Ask Jeeves Toolbar. See the link below for more info and make your own decision as to whether to keep it or not.

    http://www.benedelman.org/spyware/installations/askjeeves-banner/
     
  12. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    BitDefender Online Scanner



    Scan report generated at: Sat, Jul 22, 2006 - 23:56:46





    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;







    Statistics

    Time
    01:25:09

    Files
    397064

    Folders
    4363

    Boot Sectors
    4

    Archives
    9179

    Packed Files
    35292




    Results

    Identified Viruses
    2

    Infected Files
    12

    Suspect Files
    4

    Warnings
    0

    Disinfected
    0

    Deleted Files
    16




    Engines Info

    Virus Definitions
    416915

    Engine build
    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Scan plugins
    13

    Archive plugins
    39

    Unpack plugins
    5

    E-mail plugins
    6

    System plugins
    1




    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions


    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes




    Scanned File
    Status

    C:\!KillBox\Access.dll
    Infected with: Trojan.MovieLand.A

    C:\!KillBox\Access.dll
    Disinfection failed

    C:\!KillBox\Access.dll
    Deleted

    C:\!KillBox\entry.dll
    Infected with: Trojan.MovieLand.A

    C:\!KillBox\entry.dll
    Disinfection failed

    C:\!KillBox\entry.dll
    Deleted

    C:\!KillBox\License_Manager\license_manager.exe
    Infected with: Trojan.MovieLand.A

    C:\!KillBox\License_Manager\license_manager.exe
    Disinfection failed

    C:\!KillBox\License_Manager\license_manager.exe
    Deleted

    C:\!KillBox\NG_Remover.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Infected with: Trojan.Downloader.Small.ALX

    C:\!KillBox\NG_Remover.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Disinfection failed

    C:\!KillBox\NG_Remover.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Deleted

    C:\!KillBox\NG_Remover.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)
    Update failed

    C:\!KillBox\NG_Remover.exe( 2)=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Infected with: Trojan.Downloader.Small.ALX

    C:\!KillBox\NG_Remover.exe( 2)=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Disinfection failed

    C:\!KillBox\NG_Remover.exe( 2)=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Deleted

    C:\!KillBox\NG_Remover.exe( 2)=>(NSIS o)=>zlib_nsis0001=>(NSIS o)
    Update failed

    C:\Program Files\BTopenworld\PostReg.exe
    Suspected of: BehavesLike:Trojan.HangUp

    C:\Program Files\BTopenworld\PostReg.exe
    Disinfection failed

    C:\Program Files\BTopenworld\PostReg.exe
    Deleted

    C:\Program Files\Common Files\VCAMTrek\KillProc.exe
    Suspected of: BehavesLike:Win32.AV-Killer

    C:\Program Files\Common Files\VCAMTrek\KillProc.exe
    Disinfection failed

    C:\Program Files\Common Files\VCAMTrek\KillProc.exe
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP69\A0015334.exe
    Infected with: Trojan.MovieLand.A

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP69\A0015334.exe
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP69\A0015334.exe
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015417.dll
    Infected with: Trojan.MovieLand.A

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015417.dll
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015417.dll
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015419.dll
    Infected with: Trojan.MovieLand.A

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015419.dll
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP72\A0015419.dll
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP74\A0015446.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Infected with: Trojan.Downloader.Small.ALX

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP74\A0015446.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP74\A0015446.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0001
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP74\A0015446.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015463.dll
    Infected with: Trojan.MovieLand.A

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015463.dll
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015463.dll
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015464.dll
    Infected with: Trojan.MovieLand.A

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015464.dll
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015464.dll
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015465.exe
    Infected with: Trojan.MovieLand.A

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015465.exe
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015465.exe
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015466.exe
    Suspected of: BehavesLike:Trojan.HangUp

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015466.exe
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015466.exe
    Deleted

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015467.exe
    Suspected of: BehavesLike:Win32.AV-Killer

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015467.exe
    Disinfection failed

    C:\System Volume Information\_restore{C10015B0-CD0B-48DE-84E2-C4AFD2D4DB37}\RP76\A0015467.exe
    Deleted


    Logfile of HijackThis v1.99.1
    Scan saved at 00:56:09, on 23/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\mcg\My Documents\New Briefcase\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.4\lexbar.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan\ScnPanel.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} (AJ Installer Control) - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
    O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} - https://tesco.autoregister.net/tesco/NTLSignup.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - http://www.gocyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://F:\system\intralaunch.CAB
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E44151C8-0C6C-4A7D-B677-4FCC9552E957} - http://www.bcnx.com/suninfoconnect-lo.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mcgregor
    O17 - HKLM\Software\..\Telephony: DomainName = mcgregor
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D811459B-0528-432A-A7BE-DAE53ED98FFB}: NameServer = 80.225.255.50 80.225.255.58
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mcgregor
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    (y) :)
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    How is the computer behaving now?
     
  14. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    popcorn net has stopped. thank u very much.still behaving a wee bit funny
    when i sign in on msn it some times it signs in then says there is a problem. this also happens with internet explorer too. this has only started happening in the last couple o days. apart from that its workin better. thanx again(y) :) :D
     
  15. mcgregor

    mcgregor Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    17
    i have also reinstalled the twain driver for my scanner. got it from trust this time.will this b ok.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/485173

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice