Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page My hijackthis log - possible problems?
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 11-25-2005, 12:25 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 16
OS: WinXP


Grin My hijackthis log - possible problems?
Hi everyone. I've posted once before on this forum and was super impressed by the responses, so thanks :) I think I may have a couple of problem issues with my computer although so far I'm not really seeing any symptoms. All I've seen so far is 1 or 2 popup windows about winfixer and a process running that I can't seem to kill, but I'm not having the multiple-window-popup problem that others seems to have.

I'm running tha latest update of win xp, I regularly run ad-aware and spybot, I have norton antivirus with auto-protect enabled, and I also regularly update spywareblaster as well.

If someone could have a look through my hijackthis log and give me some pointers as to how to fix problem areas that would be fantastic :)


Logfile of HijackThis v1.99.1
Scan saved at 7:19:18 PM, on 25/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjj.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111486681290
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
babigurl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 11-25-2005, 12:36 AM   #2 (permalink)
TSF Enthusiast
 
Join Date: Feb 2005
Location: Israel
Posts: 1,032
OS: XP Proffesional


Send a message via ICQ to Omerr Send a message via MSN to Omerr
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
__________________
I am here in order to help you.
Omerr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-25-2005, 04:55 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 16
OS: WinXP


Thanks Omerr. I've subscribed to the thread and appreciate your help :)
babigurl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-25-2005, 11:48 AM   #4 (permalink)
TSF Enthusiast
 
Join Date: Feb 2005
Location: Israel
Posts: 1,032
OS: XP Proffesional


Send a message via ICQ to Omerr Send a message via MSN to Omerr
Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.Please do NOT change any of those settings until we finish the fixing process.

Please download VundoFix.exe to your desktop.[list][*]Double-click VundoFix.exe to extract the files[*]This will create a VundoFix folder on your desktop.

Download CleanUp! and install it. Do NOT run it yet.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. Do NOT run it yet.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this:
  • At this point press enter one time.
  • Next you will see:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\pmkjj.dll
  • Press Enter to continue with the fix.
  • Next you will see:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • [b]C:\WINDOWS\system32\jjkmp.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjj.dll
    O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program.

Next run a full scan in Ewido. Save the log from the scan, and post in here on your next reply.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
1) Click "Options..."
2) Move the arrow down to "Custom CleanUp!"
3)Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
4) Uncheck the following:
  • Scan local drives for temporary files
5) Click OK
6) Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot your system in Normal Mode.

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the "Free Online Virus Scan" in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan. Once it has finished save the activescan log. Then post that log in your next post.

Now give us a new HijackThis log, along with Panda ActiveScan’s log and Ewido's log, so we can make sure your system is clean.
__________________
I am here in order to help you.
Omerr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-25-2005, 08:03 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 16
OS: WinXP


Hi Omerr,

I've done everything that you've said and got all the logs for you:


Logfile of HijackThis v1.99.1
Scan saved at 2:59:55 PM, on 26/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111486681290
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



-----------------------------------------------------


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:11:19 PM, 11/26/2005
+ Report-Checksum: AFF168E5

+ Scan result:

HKU\S-1-5-21-606747145-1801674531-839522115-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Krystie\Application Data\Mozilla\Firefox\Profiles\awql85vy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wfk4qocpcfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wfl4oodpiho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wfliwmcpmko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wjk4wmdpgfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wjl4kpczeao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wjlokncjgfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Krystie\Cookies\krystie@e-2dj6wjnygncjsfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
D:\Downloads\AHEAD.NERO.BURNING.ROM.v6.3.1.6.ULTRA.EDITION.INCL.KEYGEN-ORiON\AHEAD.NERO.BURNING.ROM.v6.3.1.6.ULTRA.EDITION.INCL.KEYGEN-ORiON\Ahead.Nero.Burning.ROM.v6.3.1.6.Ultra.Edition.Incl.Keygen-ORiON\Keygen.exe -> TrojanDropper.Delf.gi : Cleaned with backup
D:\Downloads\AHEAD.NERO.BURNING.ROM.v6.3.1.6.ULTRA.EDITION.INCL.KEYGEN-ORiON\AHEAD.NERO.BURNING.ROM.v6.3.1.6.ULTRA.EDITION.INCL.KEYGEN-ORiON\Ahead.Nero.Burning.ROM.v6.3.1.6.Ultra.Edition.Incl.Keygen-ORiON.rar/Keygen.exe -> TrojanDropper.Delf.gi : Error during cleaning


::Report End


-----------------------------------------------------



Incident Status Location

Spyware:spyware/virtumonde Not desinfected Windows Registry
Spyware:Spyware/Virtumonde Not desinfected C:\WINDOWS\system32\pmnnl.dll
Dialer:dialer.b Not desinfected C:\WINDOWS\tmlpcert2005
babigurl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-26-2005, 06:04 AM   #6 (permalink)
TSF Enthusiast
 
Join Date: Feb 2005
Location: Israel
Posts: 1,032
OS: XP Proffesional


Send a message via ICQ to Omerr Send a message via MSN to Omerr
Hello again.
You've done a great job cleaning up, and we're almost finished.

Please delete the following Folder indicated in BLUE if it still exists:

C:\WINDOWS\tmlpcert2005



Please start HiJackThis. Now:
  • Go to Config>Misc.Tools> Delete a file on reboot...
  • In the popup box that appears, copy/paste in
    C:\WINDOWS\system32\pmnnl.dll
  • Click the Open button.
  • Click YES when prompted to restart your computer.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click Scan Results
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called Antispyware.log, please double-click that log and copy the entire contents and paste them here.

Please go to Kaspersky Online Scanner. Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

On your next post, please make sure you give me both Trend-Micro Anti Spyware's log and Kaspersky Online Scanner's log.

Good luck!
__________________
I am here in order to help you.
Omerr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-28-2005, 03:40 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 16
OS: WinXP


Hi Omerr, I've done everything that you've listed and hopefully everything is all good now :) Looks like the files that kaspersky found are all located in the norton quarantine so I don't know if that's good or not...

Here all the logs you asked for:

-----------------------------------------------------

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning


--------------------------------------------------


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, November 28, 2005 22:34:54
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 28/11/2005
Kaspersky Anti-Virus database records: 152082
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 50341
Number of viruses found: 11
Number of infected objects: 26
Number of suspicious objects: 1
Duration of the scan process: 2392 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\06BE56FC.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\10EE3FE4.exe Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\10F169E0.exe Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\10F413DC.frD Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\13412356.exe Infected: Trojan-Downloader.Win32.IstBar.ir
C:\Program Files\Norton AntiVirus\Quarantine\13444D53.exe Infected: Trojan-Downloader.Win32.IstBar.ir
C:\Program Files\Norton AntiVirus\Quarantine\1348774F.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Program Files\Norton AntiVirus\Quarantine\1348774F.htm Infected: Trojan-Downloader.JS.IstBar.j
C:\Program Files\Norton AntiVirus\Quarantine\1C2E74A7.exe Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\25F67EA8.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\36676273.exe Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\366A0C6F.exe Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\40B95F6A.exe Infected: Trojan.Win32.P2E.br
C:\Program Files\Norton AntiVirus\Quarantine\4F265E3C.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4F265E3C.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\4F265E3C.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\4F265E3C.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\4F265E3C.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\4F265E3C.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\53EA6CA0.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\53ED169C.dll Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\551232B5.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Program Files\Norton AntiVirus\Quarantine\55165CB1.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\566516A8.exe Infected: Trojan-Downloader.Win32.Small.alr
C:\Program Files\Norton AntiVirus\Quarantine\64377DD6.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\653127AB.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Program Files\Norton AntiVirus\Quarantine\6B6928A7.exe Infected: Trojan-Downloader.Win32.IstBar.gen

Scan process completed.
babigurl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-28-2005, 07:13 AM   #8 (permalink)
TSF Enthusiast
 
Join Date: Feb 2005
Location: Israel
Posts: 1,032
OS: XP Proffesional


Send a message via ICQ to Omerr Send a message via MSN to Omerr
Hello again, babigurl.
Your log seems clean, congratulations! Are there any further problems now? If not, you should be set to go. If there ARE any problems, skip the next instructions and let me know about your problems so we can solve them out!

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patch’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.

Also, please clear your AntiVirus Quarantine Folder using this guide from Symantec.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
I am here in order to help you.
Omerr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-28-2005, 10:35 PM   #9 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 16
OS: WinXP


Everything is looking great and running nice and smoothe. I already had a couple of the programs you've suggested, but I've downloaded the others to try to keep my computer extra safe.

Thank you so much for all your help. It looks like you've gone to a lot of trouble :) It's much appreciated.
babigurl is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 11-29-2005, 02:28 AM   #10 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


Send a message via ICQ to MicroBell Send a message via MSN to MicroBell
Moving this to resolved...but please empty the Norton AntiVirus Quarantine folder.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 05:41 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84