
Trojan.small.fb and Downloader agent.uj

Discussion in 'Virus & Other Malware Removal' started by mcjosu, Aug 8, 2006.

  1. mcjosu (Thread Starter), joined Aug 8, 2006, 24 messages
    Trojan.small.fb and Downloader agent.uj identified by ewido, but error in cleaning; unable to remove.
    HijackThis log below

    Logfile of HijackThis v1.99.1
    Scan saved at 21:07:11, on 08/08/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WWW.BLUEYONDER.CO.UK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [dmriy.exe] C:\WINDOWS\System32\dmriy.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.94,85.255.112.132
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4461B0CD-F09C-40E3-BD05-6C56B1C4905B}: NameServer = 85.255.114.94,85.255.112.132
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. MFDnNC, joined Sep 7, 2004, 49,014 messages
    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout

    http://downloads.subratam.org/Fixwareout.exe


    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [dmriy.exe] C:\WINDOWS\System32\dmriy.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.94,85.255.112.132

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4461B0CD-F09C-40E3-BD05-6C56B1C4905B}: NameServer = 85.255.114.94,85.255.112.132

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132

    If you have connection problems after this

    * Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
    · Double-click the Network Connections icon
    · Right-click the Local Area Connection icon and select Properties.
    · Highlight Internet Protocol (TCP/IP) and click the Properties button.
    · Be sure Obtain DNS server address automatically is selected.
    · OK your way out.


    * Go to Start > Run and type in cmd
    · Click OK.
    · This will open a command prompt.
    · Type or copy and paste the following line in the command window:

    ipconfig /flushdns
    · Hit Enter
    · Exit the command window

    Do that before you restart.

    =============
    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

    ==================================
    If you get an Autoexec nt error do the following

    XP Fix - http://www.visualtour.com/downloads/

    Scroll down to get XP Fix

    And run FixWareout again.
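A small triage script for the kind of log lines this post asks the poster to fix, added here as an example (it is not the helper's tool, not Fixwareout, and not part of the original thread). It parses HijackThis O4 and O17 lines, flags NameServer entries that point at resolvers outside the private/loopback ranges or an operator-supplied trusted list, and flags Run entries whose target is a five-letter cs/dm/jb-prefixed .exe in System32 (the name pattern the Fixwareout report posted later in this thread searches for). The sample lines are constructed from the entries in this thread; the "home PC's expected resolver is a private-range address" rule, the `trusted_resolvers` allow-list, and the cs/dm/jb name heuristic are assumptions of this example, not claims about the tools on the page.

```python
import ipaddress
import re

# Constructed sample: HijackThis-style lines modelled on the log posted in this
# thread (the O4 entry for dmriy.exe and the O17 NameServer entries the helper
# asked the poster to fix), plus one benign O17 line pointing at a home router.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dmriy.exe] C:\WINDOWS\System32\dmriy.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.94,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.94 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# O17 lines: "<registry key>: NameServer = <ip>[, or space]<ip>..."
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
# O4 lines: "HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First .exe path in a Run command line, quoted or unquoted.
EXE_RE = re.compile(r'"?([^"]*?\.exe)"?', re.IGNORECASE)
# Five-letter names with a cs/dm/jb prefix: the pattern the Fixwareout report
# in this thread searches for. Heuristic assumption; other prefixes may exist.
RANDOM_NAME_RE = re.compile(r"^(cs|dm|jb)[a-z]{3}\.exe$")


def is_expected_resolver(ip_text, trusted=()):
    """Private/loopback addresses (a home router) or explicitly trusted
    resolvers count as expected; anything else on a home PC deserves review."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip_text in trusted


def looks_like_random_run(cmd):
    """True when the Run command targets a cs/dm/jb+3-letter .exe in System32."""
    m = EXE_RE.search(cmd)
    if not m:
        return False
    folder, _, base = m.group(1).rpartition("\\")
    return folder.lower().endswith("\\system32") and bool(RANDOM_NAME_RE.match(base.lower()))


def triage(log_text, trusted_resolvers=()):
    """Return (section, key_or_name, detail) tuples for suspicious O4/O17 lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # Per-interface keys use commas, the Parameters keys use spaces.
            servers = re.split(r"[,\s]+", m.group("servers").strip())
            unexpected = [s for s in servers if not is_expected_resolver(s, trusted_resolvers)]
            if unexpected:
                findings.append(("O17", m.group("key"), unexpected))
            continue
        m = O4_RE.match(line)
        if m and looks_like_random_run(m.group("cmd")):
            findings.append(("O4", m.group("name"), m.group("cmd")))
    return findings


if __name__ == "__main__":
    for section, where, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {where}: {detail}")
```

Run as-is it reports the dmriy.exe Run entry and the two O17 lines carrying the 85.255.x.x resolvers, and stays silent on the router address; point `triage()` at a saved HijackThis log and pass the ISP's resolver addresses in `trusted_resolvers` to suppress known-good entries. The O17 check is the one that matters for the connection problems this post anticipates: the NameServer value is set in every control set (CCS, CS1, CS2) and in the per-interface keys, which is why all five entries are listed for fixing and why the follow-up step resets the adapter to obtain DNS automatically before flushing the resolver cache.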
     
  3. mcjosu (Thread Starter), joined Aug 8, 2006, 24 messages
    Action taken. HijackThis and Fixwareout reports below

    Logfile of HijackThis v1.99.1
    Scan saved at 13:09:54, on 09/08/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    Fixwareout ver 1.003
    Last edited 07/1/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BF5E8D77DEEB-22AB-6384-2BE8-FE7DA158{
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\yirmd
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is legitimate

    »»»»» Search by size and names...

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    Other suspects
    Directory of C:\WINDOWS\system32
    {7ABFE012-5C1D-42B9-8BC6-87DDDD7F4241}.exe
    {904F9468-C45D-4333-95B1-A732509BEFCF}.exe
    {BD4246E7-AD22-4954-97AF-D654ED11F356}.exe
    {07618BBD-3714-44D3-BA23-13C5772393EF}.exe
    {69D228EA-98AB-4FC7-83A6-3741ECD2E8E7}.exe
    {C3FDCB33-E53E-4094-8ACB-8129AA8E8CA1}.exe
    {EA516AA8-EDED-4685-AA7D-807D880B4D07}.exe
     
  4. mcjosu (Thread Starter), joined Aug 8, 2006, 24 messages
    Unable to open Internet Explorer via desktop icon. Also, when the Control Panel icon is clicked, all icons on my desktop disappear then reappear, but no access to Control Panel.
     
  5. MFDnNC, joined Sep 7, 2004, 49,014 messages
    http://www.pandasoftware.com/products/activescan.htm

    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

    Post a new HiJackThis log along with the results from ActiveScan
     
  6. mcjosu (Thread Starter), joined Aug 8, 2006, 24 messages
    Incident Status Location

    Dialer:Dialer.BLA Not disinfected C:\bB0.exe
    Dialer:Dialer.ABF Not disinfected C:\Documents and Settings\John\Application Data\MP3ToTheMax.exe
    Potentially unwanted tool:Application/UnSpyPC Not disinfected C:\Documents and Settings\John\Application Data\PC Tools\Spyware Doctor\quarantine\Temp\0000005A.000[MSOData]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\John\Desktop\smitRem.exe[smitRem/Process.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\001_LightSeeds(01-10).rar[Download_Agreement.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\001_LightSeeds(01-10).rar[Mp3-Hits_Finder.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\001_LightSeeds(01-10).rar[Mp3_Sound-Definition.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\001_LightSeeds(01-10).rar[Music-Video_Search.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\001_LightSeeds(01-10).rar[Download_Accelerator.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\002_LightSeeds(11-20).rar[Download_Agreement.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\002_LightSeeds(11-20).rar[Mp3-Hits_Finder.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\002_LightSeeds(11-20).rar[Mp3_Sound-Definition.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\002_LightSeeds(11-20).rar[Music-Video_Search.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\002_LightSeeds(11-20).rar[Download_Accelerator.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\WorldOfMann_Second.rar[Download_Agreement.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\WorldOfMann_Second.rar[Mp3-Hits_Finder.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\WorldOfMann_Second.rar[Mp3_Sound-Definition.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\lighhtning\WorldOfMann_Second.rar[Music-Video_Search.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\tool\001_Tool10k.rar[Download_Agreement.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\tool\001_Tool10k.rar[Free_Mp3-SearchEngine.exe]
    Adware:Adware/Gimmy Not disinfected C:\tmp\tool\001_Tool10k.rar[Mp3_License.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\001_UnderIronSea(01-06).rar[Download_Agreement.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\001_UnderIronSea(01-06).rar[Mp3-Hits_Finder.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\001_UnderIronSea(01-06).rar[Mp3_Sound-Definition.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\001_UnderIronSea(01-06).rar[Music-Video_Search.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\002_UnderIronSea(07-11).rar[Download_Agreement.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\002_UnderIronSea(07-11).rar[Mp3-Hits_Finder.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\002_UnderIronSea(07-11).rar[Mp3_Sound-Definition.exe]
    Adware:Adware/NewAds Not disinfected C:\tmp\yeah\002_UnderIronSea(07-11).rar[Music-Video_Search.exe]
    Dialer:Dialer.DZE Not disinfected C:\WINDOWS\Downloaded Program Files\msa64chk.inf
    Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.exe.temp
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{07618BBD-3714-44D3-BA23-13C5772393EF}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{07618BBD-3714-44D3-BA23-13C5772393EF}.exe[KillAndCleanUpdate.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{69D228EA-98AB-4FC7-83A6-3741ECD2E8E7}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{69D228EA-98AB-4FC7-83A6-3741ECD2E8E7}.exe[KillAndCleanUpdate.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{7ABFE012-5C1D-42B9-8BC6-87DDDD7F4241}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{7ABFE012-5C1D-42B9-8BC6-87DDDD7F4241}.exe[KillAndCleanUpdate.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{904F9468-C45D-4333-95B1-A732509BEFCF}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{904F9468-C45D-4333-95B1-A732509BEFCF}.exe[KillAndCleanUpdate.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{BD4246E7-AD22-4954-97AF-D654ED11F356}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{BD4246E7-AD22-4954-97AF-D654ED11F356}.exe[KillAndCleanUpdate.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{C3FDCB33-E53E-4094-8ACB-8129AA8E8CA1}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{C3FDCB33-E53E-4094-8ACB-8129AA8E8CA1}.exe[KillAndCleanUpdate.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{EA516AA8-EDED-4685-AA7D-807D880B4D07}.exe[KillAndClean.exe]
    Potentially unwanted tool:Application/Kill&Clean Not disinfected C:\WINDOWS\SYSTEM32\{EA516AA8-EDED-4685-AA7D-807D880B4D07}.exe[KillAndCleanUpdate.exe]
    Logfile of HijackThis v1.99.1
    Scan saved at 18:39:29, on 09/08/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Delete as many of those files in the Panda report as you can

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  8. mcjosu

    mcjosu Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    24
    21:00: Removal process completed. Elapsed time 00:00:36
    21:00: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST1A8.tmp". Reason: The system cannot find the file specified
    21:00: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    21:00: Quarantining All Traces: euniverse
    21:00: Quarantining All Traces: delfin
    21:00: Quarantining All Traces: clickyes2enter dialer
    21:00: Quarantining All Traces: cws_ns3
    21:00: Quarantining All Traces: 180search assistant/zango
    21:00: Quarantining All Traces: isearch desktop search
    21:00: Removal process initiated
    20:40: Traces Found: 9
    20:40: Full Sweep has completed. Elapsed time 00:39:54
    20:40: File Sweep Complete, Elapsed Time: 00:37:46
    20:40: Warning: Stream read error
    20:40: Warning: Stream read error
    20:39: Error: '1]' is not a valid integer value.
    20:37: Warning: Stream read error
    20:37: Warning: Stream read error
    20:37: Warning: Stream read error
    20:31: Warning: Failed to access drive E:
    20:31: Warning: Failed to access drive D:
    20:31: c:\windows\~glc0000.tmp:pomekm (ID = 56601)
    20:31: c:\windows\~glc0000.tmp:aygtex (ID = 56601)
    20:31: Found Adware: cws_ns3
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\89mbcp2f\imgres[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\fdogo7f3\_w0qqsasszevans2004q2d2005q2d2006[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\xcfm37dz\myebaysummary;tile=1;dcopt=ist;pos=1;sz=150x36;ord=1117920417229;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\8naf4bw3\keywords;kw=ny+form;tn=1;list=all;sz=468x60;ord=1154788199749;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\ozmpcx63\google.co[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\fjl3ftw8\ebay.co[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\op2jgdm7\198758[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\g5mr8d2f\_w0qqgotopagez1qqsassztwidle2qqsorecordsperpagez50qqsosortorderz1qqsosortpropertyz1[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temp\temporary internet files\content.ie5\ifwzyxsb\myebayselling;dcopt=ist;pos=1;ssmt=none;sstt=none;ssrt=none;ssat=none;spmt=none;ups=false;sz=150x36;tile=1;ord=1153677532171;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\m1w7i9st\c-k-one-summer-new-fragrance-perfume-100ml_w0qqitemz9532847396qqihz007qqcategoryz11847qqtczphotoqqrdz1qqcmdzviewitem[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\0hinsxyb\myebayselling;dcopt=ist;pos=1;ssmt=none;sstt=none;ssrt=none;ssat=none;spmt=none;ups=false;sz=150x36;tile=1;ord=1152878787890;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\gr101s5m\keywords;kw=sky+hd+digibox;dcopt=ist;tcat=293;items=1;sz=440x198;tile=5;ord=1148914855318;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\eh2rajwx\one-for-all-cordless-audio-video-sender_w0qqitemz9718054005qqcategoryz109016qqrdz1qqcmdzviewitem[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\idg3y5m5\imgres[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\idg3y5m5\images[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\e32r6x6z\keywords;kw=el+pea;cat=11233;cat=1071;cat=20800;tn=1;list=all;sz=468x60;ord=1148657602957;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\yr23e1yz\jewellery-watches_watches_w0qqfromzr4qqlopgz3qqsacategoryz40133qqsocmdzlistingitemlist[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\2945clur\imgres[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\i5i9ipoj\imgad[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\26i19x4l\keywords;kw=harvest;cat=11233;cat=1071;cat=20800;dcopt=ist;tcat=43707;items=383;sz=440x198;tile=5;ord=1148410497280;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\8pcv8vkv\keywords;kw=island;cat=11233;cat=1071;cat=20800;dcopt=ist;tcat=43707;items=565;sz=440x198;tile=5;ord=1148410420811;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\0527sl6b\keywords;kw=keane;cat=11233;tn=1;list=all;sz=468x60;ord=1149276560811;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\paul\local settings\temporary internet files\content.ie5\pv9n804x\ebay.co[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\v3pxppdm\getmsg[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\wv2sw8v0\home;dcopt=ist;sz=468x60;ord=7122057964903906[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\26i19x4l\keywords;kw=island;cat=11233;tn=1;list=all;sz=468x60;ord=1149275961514;[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\znp7v58w\search[1].". The operation completed successfully
    20:30: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\cxb29rdz\keywords;kw=the+kooks;cat=11233;dcopt=ist;tcat=1049;items=179;sz=440x198;tile=5;ord=1151270945717;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\452bw12n\gigsearch[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\cc0tha9c\sylvac-pottery-large-sad-faced-dog-2951_w0qqitemz7401824095qqcategoryz70086qqrdz1qqcmdzviewitem[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\pmh2x5ys\myebayforguestssummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1152288232909;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\yqdc3kfl\keywords;kw=dab+cd;dcopt=ist;tcat=9800;items=20;sz=440x198;tile=5;ord=1152392301608;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\cvhzu6f1\z-z-top-my-heads-in-mississippi-cd-single_w0qqitemz4849054447qqcategoryz1573qqrdz1qqcmdzviewitem[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\iruncto1\imgres[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\yqo7trv2\_am[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\9is6dmri\_am[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\fec7jh4t\36[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\u10lqzk1\keywords;kw=johnny+neumonic;dcopt=ist;items=0;sz=440x198;tile=5;ord=1144963026343;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\81qf0h6z\_w0qqtzvb[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\s8cma0is\getinlinegallerydata[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\slipe3cr\women's_clothing;cat=11450;cat=15724;cat=3029;cat=38540;dcopt=ist;tcat=38541;items=7947;sz=440x198;tile=5;ord=1150824864952;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\s753qq79\mp3search[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\k1cr0z4r\_networking-it_w0qqcatrefzc12qqsacategoryz16161qqsasszjustdealsq2dukqqsorecordsperpagez50qqsosortpropertyz1[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\eqv5gyql\images[5].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\a4q6ymla\images[4].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\eqv5gyql\images[4].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[7].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\df3pv0o1\images[3].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\a4q6ymla\images[3].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[6].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\yfin6hyf\myebaysummary;tile=1;dcopt=ist;pos=1;sz=150x36;ord=1118180840061;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\a4q6ymla\images[2].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temp\temporary internet files\content.ie5\rxl9zgd0\myebayforguestssummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1153237110421;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[5].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\df3pv0o1\images[2].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[4].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\df3pv0o1\images[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[3].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\cxb29rdz\listconfirm;dcopt=ist;promo=myebay;sz=468x60;tile=1;ord=1151263434061;[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\a4q6ymla\images[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\search[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\eqv5gyql\search[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[2].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\eqv5gyql\images[3].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\paul\local settings\temporary internet files\content.ie5\4hincxyb\r[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\eqv5gyql\images[2].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\dcsdpajg\images[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\eqv5gyql\images[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\ljjf99ga\pagead[1].". The operation completed successfully
    20:29: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\326y8sa8\pagead[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\sxqj4xmb\litetk[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\j7pvj90g\enid-blyton_w0qqsoloctogz9qqsorecordstoskipz100[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\becky\local settings\temporary internet files\content.ie5\5f77hl4y\search[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\r9o0obnz\search[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\paul\local settings\temporary internet files\content.ie5\qxijqb81\type=click&flightid=15644&adid=24383&targetid=2844&segments=51,689,903,1386,1401,2404,2709,3109&targets=3,2844,5715,4978,1111values=25,31,43,51,60[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\ixv8d8z2\lbr_portal[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\kpefg92f\sz[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\1u5rrmwo\home;dcopt=ist;sz=468x60;ord=5054429551897263[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\paul\local settings\temporary internet files\content.ie5\cv0j4dyx\;ord=99999999[1].". The operation completed successfully
    20:28: Warning: Failed to open file "c:\documents and settings\john\local settings\temporary internet files\content.ie5\cxb29rdz\myebayselling;dcopt=ist;pos=1;ssmt=none;sstt=none;ssrt=none;ssat=none;spmt=none;ups=false;sz=150x36;tile=1;ord=1151233556326;[1].". The operation completed successfully
    20:14: C:\WINDOWS\SYSTEM32\cards.ico (ID = 60207)
    20:14: Found Adware: euniverse
    20:03: C:\WINDOWS\SYSTEM32\vmss (ID = 2147486180)
    20:03: Found Adware: delfin
    20:03: C:\WINDOWS\SYSTEM32\FLEOK (ID = 2147486740)
    20:03: Found Adware: 180search assistant/zango
    20:02: Starting File Sweep
    20:02: Warning: Failed to access drive A:
    20:02: Cookie Sweep Complete, Elapsed Time: 00:00:00
    20:02: Starting Cookie Sweep
    20:02: Registry Sweep Complete, Elapsed Time:00:00:18
    20:02: HKU\S-1-5-21-1294642078-2690133624-1694720459-1006\remoteaccess\profile\globaleaccess\ (ID = 1357831)
    20:02: HKU\WRSS_Profile_S-1-5-21-1294642078-2690133624-1694720459-1009\remoteaccess\profile\derbiz.com isp\ (ID = 1357826)
    20:02: Found Adware: clickyes2enter dialer
    20:02: HKLM\system\controlset002\enum\root\legacy_delprot\ (ID = 1354643)
    20:02: HKLM\system\controlset001\enum\root\legacy_delprot\ (ID = 1354619)
    20:02: Found Adware: isearch desktop search
    20:02: Starting Registry Sweep
    20:02: Memory Sweep Complete, Elapsed Time: 00:01:38
    20:00: Starting Memory Sweep
    20:00: Sweep initiated using definitions version 691
    20:00: Spy Sweeper 5.0.5.1286 started
    20:00: | Start of Session, 09 August 2006 |
    ********
    20:00: | End of Session, 09 August 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    19:58: Shield States
    19:58: Spyware Definitions: 691
    19:58: Spy Sweeper 5.0.5.1286 started
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    19:56: Shield States
    19:56: Spyware Definitions: 691
    19:55: Spy Sweeper 5.0.5.1286 started
    19:55: Spy Sweeper 5.0.5.1286 started
    19:55: | Start of Session, 09 August 2006 |
    ********
     
  9. mcjosu

    mcjosu Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    24
    Logfile of HijackThis v1.99.1
    Scan saved at 21:11:48, on 09/08/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MP3ToTheMax] C:\Documents and Settings\John\Application Data\MP3ToTheMax.exe t
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: MP3ToTheMax - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\John\Application Data\MP3ToTheMax.exe (file missing)
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    ================
    How are things????
     
  11. mcjosu

    mcjosu Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    24
    Do you mean to delete top 4 files identified on the scan?
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    No - mark the top 4 boxes in the unnecessary files window of EasyCleaner
     
  13. mcjosu

    mcjosu Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    24
    Action taken and some 3000 unnecessary files deleted
    HijackThis log for perusal

    Logfile of HijackThis v1.99.1
    Scan saved at 18:33:25, on 10/08/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    F2 - REG:system.ini: Shell=explorer.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: MP3ToTheMax - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\John\Application Data\MP3ToTheMax.exe (file missing)
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  14. mcjosu

    mcjosu Thread Starter

    Joined:
    Aug 8, 2006
    Messages:
    24
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
Short URL to this thread: https://techguy.org/490552
