Hi,
I went through the whole process; I hope I did it all correctly.
I was unable to run the housecall virus scan, for some unknown reason it wouldn't load up on my browser.
Here is the HJT file and the Panda scan:
---------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:19:34, on 24/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Norman\NVC\BIN\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\qed1_qc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\NORMAN\nvc\BIN\NIP.EXE
C:\NORMAN\nvc\BIN\cclaw.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Marc Becker\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PROVL400:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [eB4ERWJpj] qed1_qc.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.v...VSR/index.jhtmlO16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1098888057156O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {AD688740-5246-40C3-AF27-090006046834} -
http://www.xpehbam.biz/5/load.exeO18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
-----------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------
PANDA active scan:
Incident Status Location
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\qed1_qc.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/AdClicker No disinfected C:\WINDOWS\system32\pup.exe
Adware:Adware/MemoryWatcher No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\auto_update_uninstall.???
Adware:Adware/SearchAid No disinfected Windows Registry
Adware:Adware/WinTools No disinfected C:\Program Files\Toolbar
Spyware:Spyware/TVMedia No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/SideSearch No disinfected C:\Program Files\sep
Adware:Adware/IEDriver No disinfected C:\Program Files\MaxSpeed
Spyware:Spyware/Overpro No disinfected C:\Overpro-*
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Marc Becker\Favoris\Sites about\Ab scissor.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Marc Becker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-6f169001.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Marc Becker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-30e13bf9-53373b91.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Marc Becker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-30e13bf9-53373b91.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Marc Becker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-30e13bf9-53373b91.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Marc Becker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-30e13bf9-53373b91.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Marc Becker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-571bc93f-222fb0ca.zip[MainApp.class]
Adware:Adware/IEDriver No disinfected C:\Overpro-347.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\nzqlihv.wzg
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\PIB.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\TBPS.exe
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\TBPS.exe_tobedeleted
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Toolbar\TBPSSvc.exe
Adware:Adware/SearchAid No disinfected C:\RECYCLER\S-1-5-21-139688431-677230114-2246800759-1005\Dc16.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiry32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\appnr.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\atlxr.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\bzjle.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3ym.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\fxebf.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\jjulr.dll
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\lchox.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\npjpx.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\nrtuy.dll
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\nszpc.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_idvhcc.log
Adware:Adware/HT401 No disinfected C:\WINDOWS\opmtl.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\pxkpb.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\raxcq.dll
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\sjanf.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\skppp.dll
Adware:Adware/Envolo No disinfected C:\WINDOWS\system32\auto_update_uninstall.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\system32\bpbrs.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\catsrv91.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\cfgbkend.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\system32\dcyes.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\system32\hdopv.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\khkcy.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\system32\lfuir.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\mssa32.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mtwearts.exe
Adware:Adware/Winshow No disinfected C:\WINDOWS\system32\ndxvi.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\qed1_qc.exe
Adware:Adware/Winshow No disinfected C:\WINDOWS\system32\risae.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\ufqfr.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\xslqb.dll
-------------------------------------------------------------------------------------------
I can open my folders again!!
Sad man