BTcar.com R



#1
double2k7

double2k7

    New Member

  • Member
  • Pip
  • 6 posts
Hey, basically this web site keeps coming up, really annoying lol. Can anyone help me?
Appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 23:38:54, on 13/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\Program Files\Java\jre1.6.0\bin\jusched.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\DRIVERS\services.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Cable&Wireless\C&W_802.11g_Utility\C&WWLAN.exe
G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
G:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
G:\Program Files\MSN Messenger\msnmsgr.exe
G:\Program Files\iTunes\iTunes.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Documents and Settings\dan1\My Documents\HijackThis.exe
G:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - G:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] G:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
O4 - HKLM\..\Run: [Windows Services Loader] C:\WINDOWS\SYSTEM32\DRIVERS\services.exe C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Cable & Wireless 11g Wireless USB.lnk = G:\Program Files\Cable&Wireless\C&W_802.11g_Utility\C&WWLAN.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - G:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...928/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DigiChat 4.0 Server (DigiChat_4.0_Server) - Zero G - G:\PROGRA~1\DIGICH~1.0\DIGICH~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - G:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0



#2
sari

sari

    GeekU Admin

  • Community Leader
  • 21,805 posts
  • MVP
double2k7,

First I want to see what programs are installed. Please do the following for me.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,

sari
  • 0

#3
double2k7

double2k7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Apple Software Update
Cable & Wireless 802.11g Series Wireless LAN USB
ccCommon
FL Studio 5
HijackThis 1.99.1
Internet Worm Protection
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 9
Java 2 Runtime Environment Standard Edition v1.3.1_01
Java Web Start
Java™ SE Runtime Environment 6
LiveUpdate 3.0 (Symantec Corporation)
Messenger Plus! 3
Microsoft Age of Empires Gold
Microsoft Digital Image Starter Edition 2006
MSN
MSN Messenger 7.5
NAVShortcut
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
PCI Audio Driver
Picasa 2
PodUtil 3.0.3
QuickTime
Shockwave
SPBBC
SpywareBot 1.4.1.4
Symantec
The Sims Deluxe Edition
TRUST 120 [email protected]
Ulead PhotoImpact 10 ESD
Ulead PhotoImpact 12
Update for Windows XP (KB898461)
Update Manager
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
  • 0

#4
sari

sari

    GeekU Admin

  • Community Leader
  • 21,805 posts
  • MVP
double2k7,

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
    • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

    ***************
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - G:\WINDOWS\system32\ipv6mons.dll
    O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
    O4 - HKLM\..\Run: [Windows Services Loader] C:\WINDOWS\SYSTEM32\DRIVERS\services.exe C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini

    Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please remove these entries from Add/Remove Programs in the Control Panel (if present):

    Spywarebot 1.4.1.4 <-- This is considered rogue anti-spyware, as defined here, and it should be uninstalled


    Show Hidden Files
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Please delete these files using Windows Explorer (if present):

    G:\WINDOWS\system32\ipv6mons.dll
    C:\WINDOWS\system32\drivers\etc\LSASS.exe
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
    C:\WINDOWS\SYSTEM32\DRIVERS\services.exe
    C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini


    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • If it wants to install an ActiveX component allow it
  • Select either Home User or Company
  • Click the big Scan Now button
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
In your next post, I need the AVG Anti-spyware log, the Activescan log, and a new hijackthis log.

Thanks,

sari

Edited by sari, 24 January 2007 - 10:13 AM.

  • 0
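
The three entries selected for fixing in the post above share traits that can be checked mechanically. As an added example (not part of the original thread, and not the helper's own method), the Python code below parses an excerpt of the posted HijackThis log and flags autostart entries whose executables borrow Windows system process names outside their normal directory, executables under drivers\etc, and unnamed BHOs. The rule set and all function names are assumptions of this example, and a hit is a prompt for manual review, not a verdict.

```python
import ntpath
import re

# Genuine location of commonly imitated system processes, relative to the
# Windows root (Windows XP layout). This rule set is an assumption of the example.
EXPECTED_DIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Drive-letter paths ending in .exe/.dll; ':' is excluded from the path body
# so two paths on one line are never merged into a single match.
PATH_RE = re.compile(r'\b[A-Za-z]:\\[^":*?<>|]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\DRIVERS\services.exe

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - G:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows svchost] C:\WINDOWS\system32\drivers\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\svchost.exe -b C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
O4 - HKLM\..\Run: [Windows Services Loader] C:\WINDOWS\SYSTEM32\DRIVERS\services.exe C:\WINDOWS\SYSTEM32\DRIVERS\serv-u.ini
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
"""


def find_windows_root(lines):
    """Infer the Windows root from the running smss.exe (root\\System32\\smss.exe)."""
    for ln in lines:
        ln = ln.strip()
        if ntpath.basename(ln).lower() == "smss.exe":
            return ntpath.dirname(ntpath.dirname(ln))
    return None


def check_path(path, win_root):
    """Return the list of reasons a referenced file looks out of place."""
    reasons = []
    directory, name = ntpath.split(ntpath.normcase(path))
    if win_root and name in EXPECTED_DIR:
        root = ntpath.normcase(win_root)
        sub = EXPECTED_DIR[name]
        expected = ntpath.join(root, sub) if sub else root
        if directory != expected:
            reasons.append(f"{name} is a system process name but runs from {directory}")
    # drivers\etc normally holds only text files (hosts, lmhosts.sam, networks,
    # protocol, services), so any executable there deserves a look.
    if directory.endswith(r"\drivers\etc"):
        reasons.append(f"executable {name} inside drivers\\etc")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for entries worth a manual review."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    win_root = find_windows_root(lines)
    findings = []
    for ln in lines:
        m = ENTRY_RE.match(ln)
        if not m:
            continue
        code, body = m.groups()
        reasons = []
        # Weak heuristic: a browser helper object registered without a name.
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("BHO registered without a name")
        # O4 = Run keys / startup folder, O23 = services: both are autostarts.
        if code in ("O4", "O23"):
            for path in PATH_RE.findall(body):
                reasons.extend(check_path(path, win_root))
        if reasons:
            findings.append((ln, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

On this excerpt the code flags the same three lines the helper listed, while the Java, iTunes, Messenger Plus! and iPod entries pass.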

#5
double2k7

double2k7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Activescan

Incident Status Location

Spyware:Cookie/888 Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][3].txt
Spyware:Cookie/adultfriendfinder Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/Azjmp Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/DelfinMedia Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/Systemdoctor Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected G:\Documents and Settings\dan1\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/RealSpy Not disinfected G:\WINDOWS\system32\actskn45.ocx
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:50:04 20/01/2007

+ Scan result:



G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP243\A0151737.exe -> Adware.Agent : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143295.dll -> Adware.Delfin : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148259.dll -> Adware.Delfin : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151587.dll -> Adware.Delfin : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143368.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143369.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143370.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143371.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143372.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148301.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148302.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148303.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148304.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148305.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148333.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148334.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0148335.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151583.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151584.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
G:\Program Files\Ipwindows\ipwins.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
G:\Program Files\Ipwindows\ipwins.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0147541.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0147542.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP240\A0149474.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP240\A0149475.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143241.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143243.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143397.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0144393.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0147555.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151560.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP243\A0151735.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
G:\Program Files\Common Files\{280C3A9F-0455-2057-0503-02012102002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0150559.dll -> Adware.Softomate : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151582.exe -> Adware.Softomate : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151593.dll -> Adware.Softomate : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143246.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143430.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
G:\Documents and Settings\dan1\Local Settings\Temp\installer.exe -> Logger.BZub.gr : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP247\A0159664.dll -> Logger.BZub.hg : Cleaned with backup (quarantined).
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Clickbank : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected]iture[2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected]o.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Linksynergy : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Vegasred : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Vegasred : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Web-stat : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
G:\Documents and Settings\dan1\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143237.exe -> Trojan.Small : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP237\A0143403.exe -> Trojan.Small : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP238\A0147553.exe -> Trojan.Small : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP242\A0151562.exe -> Trojan.Small : Cleaned with backup (quarantined).
G:\System Volume Information\_restore{E68FE245-7564-46B5-8C64-A1A1717F0ADF}\RP245\A0154292.exe -> Trojan.Small : Cleaned with backup (quarantined).
G:\WINDOWS\system32\wintsvsu.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 00:16:05, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\Program Files\Java\jre1.6.0\bin\jusched.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Cable&Wireless\C&W_802.11g_Utility\C&WWLAN.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
G:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\MSN Messenger\msnmsgr.exe
g:\program files\common files\installshield\updateservice\isuspm.exe
G:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "g:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] G:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] G:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Cable & Wireless 11g Wireless USB.lnk = G:\Program Files\Cable&Wireless\C&W_802.11g_Utility\C&WWLAN.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - G:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...928/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DigiChat 4.0 Server (DigiChat_4.0_Server) - Zero G - G:\PROGRA~1\DIGICH~1.0\DIGICH~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - G:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thank You For Your Help Sari :whistling:
  • 0

#6
double2k7

i swear i deleted them and they're still runnin :whistling: how do i go about deleting them properly
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
  • 0

#7
sari

double2k7,

The files in c:\windows\system32 are valid - the ones you deleted were in a different spot, and that's why I had you delete them.

Your log is clean now, but we need to clear your restore points and update your java.

1. Go to Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked:

  • Downloaded Applets
  • Downloaded Applications
  • Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Now go to Add/Remove programs and look for anything that looks like JSE Runtime Environment Update 6 or other older versions of Java and uninstall them.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Post another hijackthis log for me to review.

Thanks,

sari
  • 0
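The check sari describes in the post above (a system process name can only be trusted when it runs from the real system32 folder) can be run over the "Running processes" section of a HijackThis log. This is an added example, not part of the original thread: the function names, the process-name list and the two out-of-place paths in the sample log are constructed for illustration, and the system root G:\WINDOWS is the one shown in the logs on this page.

```python
import ntpath
import re

# Core Windows XP processes that normally run only from <SystemRoot>\system32.
# This list is an assumption made for the example, not an exhaustive inventory.
SYSTEM32_ONLY = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# HijackThis registry/startup entries look like "R0 - ..." or "O23 - ...".
ENTRY_LINE = re.compile(r"^[A-Z]\d+ - ")


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if ENTRY_LINE.match(line) or (not line and paths):
            break  # the process list ends at a blank line or the first entry
        if line:
            paths.append(line)
    return paths


def find_masquerading(log_text, system_root):
    """Flag system process names that run from outside <system_root>\\system32."""
    expected = ntpath.normcase(ntpath.normpath(ntpath.join(system_root, "system32")))
    findings = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        actual = ntpath.normcase(ntpath.normpath(directory))
        if name.lower() in SYSTEM32_ONLY and actual != expected:
            findings.append(path)
    return findings


# Constructed sample: the two out-of-place entries are invented for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\drivers\services.exe
G:\Documents and Settings\user\lsass.exe
G:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
"""

if __name__ == "__main__":
    for suspect in find_masquerading(SAMPLE_LOG, r"G:\WINDOWS"):
        print("system process name outside system32:", suspect)
```

The comparison is case-insensitive, so `System32` and `system32` are treated as the same folder, as they are on Windows.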

#8
double2k7

Logfile of HijackThis v1.99.1
Scan saved at 10:39:11, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\MessengerPlus! 3\MsgPlus.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
G:\Program Files\Java\jre1.6.0\bin\jusched.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Cable&Wireless\C&W_802.11g_Utility\C&WWLAN.exe
G:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
G:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "G:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "G:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] G:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Cable & Wireless 11g Wireless USB.lnk = G:\Program Files\Cable&Wireless\C&W_802.11g_Utility\C&WWLAN.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - G:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...928/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DigiChat 4.0 Server (DigiChat_4.0_Server) - Zero G - G:\PROGRA~1\DIGICH~1.0\DIGICH~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - G:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#9
double2k7

Ermm .. with the java it kept saying i had the latest version, so i jus went on to control panel and uninstalled the things u told me to and deleted the temporary internet files :whistling: everything else is ok .. jw with that activescan it neva actually deleted them did it ...? Thank you for your help :blink:
  • 0

#10
sari

double2k7,

The panda scan didn't clean anything, but they were primarily tracking cookies, and AVG AS took care of them all.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and Spyware Aid's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."


Thanks for visiting Geeks to Go.

sari
  • 0





