Well, it seems to have got a lot of people, including me. I have gone through some of the topics on this forum and I'm not too sure how much I understand, but I realise you nice guys who help would like a log from HijackThis, which I downloaded, and here it is. If anyone could help me with what to do next, that would be greatly appreciated. My computer is a little slow, so there may be other problems other than just this access members area desktop item thing.

Thanks in advance!
Matt

Logfile of HijackThis v1.99.1
Scan saved at 19:57:48, on 26/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\TEMP\win371.tmp.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\win2FD.tmp.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C2DD1C9-36A9-DF39-CB9D-D3DEAAAFD95D} - (no file)
O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/026ad4f7202f894fff06/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131833152062
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configuratoreauto.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlaccell.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Ok, you got many infections. You don't have a firewall or an antivirus on your computer. You seem to have some Norton remnants, so let's clean those too.

Download and install one firewall and one antivirus.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

Cleaning instructions:

1. Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

2. Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

3. Go to Control Panel -> Add or remove programs -> Remove DyFuCa, CashBack, BargainBuddy, Windows AdControl, WebRebates if found

4. Run HijackThis and fix these entries (if found):
(Do a system scan only, check entries, close all other windows, press Fix checked)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {6C2DD1C9-36A9-DF39-CB9D-D3DEAAAFD95D} - (no file)
O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/026ad4f7202f894fff06/netzip/RdxIE601.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlaccell.CAB
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll

5. Open Notepad
Copy these lines and paste to the notepad

sc stop navapsvc
sc delete navapsvc
sc stop SBService
sc delete SBService
sc stop SNDSrvc
sc delete SNDSrvc
sc stop ZESOFT
sc delete ZESOFT

Save the document to the desktop as Removal.bat and file type: All Files
Go to your desktop, run the file Removal.bat and answer yes to any questions.

6. Restart your computer in safe mode (Press F8 button when computer is starting and choose safe mode)

7. Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

8. Run ATF Cleaner -> Check select all -> Press Empty selected

9. Delete these folders if found:
C:\Program Files\-->Windows AdControl
C:\Program Files\-->WebRebates
C:\Program Files\-->DyFuCa
C:\Program Files\-->BargainBuddy
C:\Program Files\-->CashBack
C:\Program Files\-->ISTsvc
C:\Program Files\-->ISTbar

10. Delete these files if found:
C:\WINDOWS\System32\-->bridge.dll
C:\WINDOWS\system32\-->nvms.dll
C:\WINDOWS\system32\-->mscb.dll
C:\WINDOWS\system32\-->msbe.dll
C:\WINDOWS\SYSTEM32\-->winrkp32.dll
C:\WINDOWS\-->zeta.exe

11. Empty the Recycle Bin

12. Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

13. Scan and clean your computer with Ewido and save the log file.

14. Restart your computer normally.

15. Post a fresh HijackThis log and Ewido's log to here so we can see if your computer is now clean.
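
Step 15 of the instructions above asks for a fresh HijackThis log to see whether the machine is clean. The following Python example is added here and is not part of the original posts or of HijackThis: it re-splits a log whose line breaks were lost and reports which fix-list entries, and which services named in Removal.bat, are still listed. The function names are hypothetical, and the two sample strings are shortened, constructed excerpts built from entries quoted in this thread.

```python
import re

# An entry starts with a HijackThis section code such as "R0", "O2" or "O23"
# followed by " - ". Matching that lets a flattened log be split back into entries.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# O23 lines in this thread have the shape
#   "O23 - Service: <display name> (<service name>) - <vendor> - <path>"
# and the parenthesised part is absent when only one name is shown.
SERVICE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - ")


def split_entries(text):
    """Return the R/F/N/O entries of a log, one string each, whitespace-normalised.

    Anything before the first section code (header, running processes) is skipped.
    """
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    bounds = starts + [len(text)]
    return [" ".join(text[a:b].split()) for a, b in zip(bounds, bounds[1:])]


def service_name(entry):
    """Service name of an O23 entry, or None for any other kind of entry."""
    m = SERVICE.match(entry)
    return (m.group("short") or m.group("display")) if m else None


def still_present(fix_list, fresh_log):
    """Entries from the fix list that appear unchanged in the fresh log."""
    fresh = {e.casefold() for e in split_entries(fresh_log)}
    return [e for e in split_entries(fix_list) if e.casefold() in fresh]


def services_present(names, fresh_log):
    """Service names (as given to `sc delete`) that are still listed under O23."""
    listed = {(service_name(e) or "").casefold() for e in split_entries(fresh_log)}
    return [n for n in names if n.casefold() in listed]


# Constructed sample: four entries taken from the fix list in step 4, then
# flattened onto one line the way the logs on this page were.
FIX_LIST = r"""O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll""".replace("\n", " ")

# Constructed sample: a shortened "fresh" log in the same flattened form.
FRESH_LOG = r"""Running processes: C:\WINDOWS\Explorer.EXE C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe""".replace("\n", " ")

# Service names from the Removal.bat lines in step 5.
REMOVED_SERVICES = ["navapsvc", "SBService", "SNDSrvc", "ZESOFT"]

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FRESH_LOG):
        print("still listed:", entry)
    for name in services_present(REMOVED_SERVICES, FRESH_LOG):
        print("service still listed:", name)
```

Matching is on the exact entry text, so an entry whose file name or path changed between scans will not be reported; an empty result only means the listed entries are gone.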

Wow!! Many thanks for your time and help, this is very much appreciated! Below are the two log files you have requested. I'm also now running in the background, Zone Alarm, Norton Anti-Virus and Ewido. Is that okay?

Many thanks!
Matt

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 08:12:51, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131833152062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configuratoreauto.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 06:49:40, 28/03/2006
Files\Alset\HelpExpress\Owner\Client\HelpExp.exe -> Adware.HelpExpress : Cleaned with backup C:\Program Files\Alset\HelpExpress\Owner\Download\CLIENT.CAB/HelpExp.exe -> Adware.HelpExpress : Error during cleaning C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup C:\Program Files\BullsEye Network -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\BullsEye Network\ad.dat -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\BullsEye Network\bin -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\BullsEye Network\bin\adv.exe -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\BullsEye Network\bin\adx.exe -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\BullsEye Network\ub.dat -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\BullsEye Network\Uninstall.exe -> Adware.BargainBuddy : Cleaned with backup C:\Program Files\Common Files\ouuq\ouuqa.exe -> Downloader.TSUpdate.l : Cleaned with backup C:\Program Files\Common Files\ouuq\ouuql.exe -> Downloader.TSUpdate.j : Cleaned with backup C:\Program Files\Common Files\ouuq\ouuqm.exe -> Downloader.TSUpdate.k : Cleaned with backup C:\Program Files\Common Files\ouuq\ouuqp.exe -> Adware.Xupiter : Cleaned with backup C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup C:\Program Files\Power Scan -> Adware.PowerScan : Cleaned with backup C:\Program Files\Power Scan\powerscan.exe -> Adware.PowerScan : Cleaned with backup C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup C:\Program Files\SideFind\sfbho.dll -> Adware.SideFind : Cleaned with backup C:\Program Files\Windows AdTools\WinWrench.dll -> Adware.WinAD : Cleaned with backup C:\Program Files\WindowsSA\omniscient.exe -> Adware.BlazeFind : Cleaned with backup C:\Program Files\WindowsSA\omniscienthook.dll -> Adware.BlazeFind : Cleaned with backup C:\temp\lc.exe -> Adware.BetterInternet : Cleaned with backup C:\temp\NCasePackage.exe -> 
Dropper.180Solutions.a : Cleaned with backup C:\temp\salm.exe -> Adware.180Solutions : Cleaned with backup C:\temp\salmhook.dll -> Adware.180Solutions : Cleaned with backup C:\temp\WebRebates_Auto_InstallSilent_Euro.exe -> Adware.WebRebates : Cleaned with backup C:\temp\WinAdCtlInstPack.exe -> Adware.WinAD : Cleaned with backup C:\WINDOWS\2_0_1browserhelper2.dll -> Hijacker.Delf.r : Cleaned with backup C:\WINDOWS\alchem.exe -> Downloader.Alchemic : Cleaned with backup C:\WINDOWS\Belt.exe -> Downloader.Stubby.a : Cleaned with backup C:\WINDOWS\Downloaded Program Files\bridge.dll -> Logger.Briss.g : Cleaned with backup C:\WINDOWS\Downloaded Program Files\jao.dll -> Logger.Briss.g : Cleaned with backup C:\WINDOWS\Downloaded Program Files\legacymp3.exe -> Downloader.Small.bp : Cleaned with backup C:\WINDOWS\dxjlfsy.exe -> Downloader.IstBar.ij : Cleaned with backup C:\WINDOWS\emsw.exe -> Adware.HelpExpress : Cleaned with backup C:\WINDOWS\preInsTT.exe -> Adware.BiSpy : Cleaned with backup C:\WINDOWS\qpoluxef.exe -> Adware.180Solutions : Cleaned with backup C:\WINDOWS\SYSTEM32\a.exe -> Logger.Briss.e : Cleaned with backup C:\WINDOWS\SYSTEM32\angelex.exe -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\apuc.dll -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\axuninstall.exe -> Adware.BlazeFind : Cleaned with backup C:\WINDOWS\SYSTEM32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\exdl0.exe -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\exdl1.exe -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\exul.exe -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\exul1.exe -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Error during 
cleaning C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Error during cleaning C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Error during cleaning C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Error during cleaning C:\WINDOWS\SYSTEM32\omniband.dll -> Adware.BlazeFind : Cleaned with backup C:\WINDOWS\SYSTEM32\wsaupdater.exe -> Adware.BlazeFind : Cleaned with backup C:\WINDOWS\twaintec.dll -> Adware.BiSpy : Cleaned with backup C:\WINDOWS\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup ::Report End
OK, not clean yet. [You had a nice collection of malware... =)]

Install an antivirus. These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

New cleaning instructions

Download Blacklight to your desktop -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe
Do not run a scan yet.

Download Killbox to your desktop -> http://www.downloads.subratam.org/KillBox.zip
Unzip it to your desktop.

Run HijackThis and fix this entry:
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll

Run Killbox.exe -> Choose Delete on Reboot -> Click All Files option.
Copy the following lines to your clipboard (choose text with your mouse, press CTRL+C or copy)

C:\WINDOWS\SYSTEM32\netut80ex.vxd
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\mqexdlm.srg
C:\WINDOWS\system32\exul.exe
C:\WINDOWS\system32\javexulm.vxd
C:\WINDOWS\SYSTEM32\winrkp32.dll

Then go back to Killbox
-> go to File
-> choose Paste from Clipboard
-> Click the red-white Delete File option.
-> Click Yes to Delete on Reboot question
-> Click OK to any PendingFileRenameOperations requests (and tell me if you get any of these!)
-> Restart your computer if Killbox won't do it.

(If you get this error when running Killbox: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.", download Missingfilessetup.exe from here to your desktop and run the file, then try running Killbox -> http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe)

Restart your computer to the safe mode.

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete this folder:
C:\Program Files\Alset

Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan and clean your computer with Ewido and save the log file.

Restart your computer normally.

Run a scan with F-Secure Blacklight
-> Do NOT rename anything yet
-> It will save the log to your desktop, named fsbl**********.txt

Post the following logs to here so we can see if your computer is now clean.
-> fresh HijackThis log
-> Ewido's log
-> Blacklight's log
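The triage applied to the ewido report in this thread (pick out the "Error during cleaning" entries and find the file on disk that holds them) can be scripted. This is an added example, not part of the original posts: the report entries are copied from this thread, while the one-entry-per-line layout and the reading of `outer/inner` as "container file / item inside it" are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

CLEANED = "Cleaned with backup"

# Entries copied from the ewido report in this thread. One entry per line is
# an assumption about the original layout (the page shows the report flattened).
REPORT = r"""
HKU\S-1-5-21-2678003418-2669302297-488748980-1003\Software\salm -> Adware.180Solutions : Cleaned with backup
C:\c.vbs -> Downloader.Small.f : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3xpvyg3q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Downloaded Programmes\MS Office 2003\Product Key & Activation Code Disable\Anti-MSOPA.exe/Anti-MSOPA.exe -> Trojan.Agent.jh : Error during cleaning
C:\Program Files\Alset\HelpExpress\Owner\Download\CLIENT.CAB/HelpExp.exe -> Adware.HelpExpress : Error during cleaning
C:\WINDOWS\SYSTEM32\exdl.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\exul.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Error during cleaning
::Report End
"""


@dataclass(frozen=True)
class Finding:
    kind: str              # "cookie", "registry" or "file"
    container: str         # the object that exists on disk or in the registry
    member: Optional[str]  # item reported inside the container, if any
    detection: str
    action: str


def parse_line(line: str) -> Optional[Finding]:
    """Parse one '<object> -> <detection> : <action>' entry; None for other lines."""
    line = line.strip()
    if line.startswith("::") or " -> " not in line:
        return None  # blank line, report header or '::Report End'
    obj, _, verdict = line.rpartition(" -> ")
    detection, sep, action = verdict.partition(" : ")
    if not sep:
        return None
    detection, action = detection.strip(), action.strip()
    cookie = re.match(r":mozilla\.(\d+):(.+)", obj)
    if cookie:  # ':mozilla.N:<cookies.txt>' = Nth cookie in that file
        return Finding("cookie", cookie.group(2), "cookie #" + cookie.group(1),
                       detection, action)
    if re.match(r"HK(?:U|LM|CU|CR)\\", obj):
        return Finding("registry", obj, None, detection, action)
    # Assumption: the first '/' separates the file on disk from the item
    # the scanner found inside it (archive or bundle member).
    container, slash, member = obj.partition("/")
    member = member.replace("/", "\\") if slash else None
    return Finding("file", container, member, detection, action)


def parse_report(text: str) -> List[Finding]:
    return [f for f in map(parse_line, text.splitlines()) if f]


def pending_containers(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group every entry that was NOT cleaned by the on-disk file that holds it."""
    pending: Dict[str, List[Finding]] = {}
    for f in findings:
        if f.kind == "file" and f.action != CLEANED:
            pending.setdefault(f.container, []).append(f)
    return pending


def recurring_members(findings: List[Finding]) -> List[str]:
    """Uncleaned container members whose stand-alone copy was already cleaned.

    A hit means the container still carries a copy of a file the scanner
    removed elsewhere, so the container itself needs follow-up.
    """
    cleaned = {f.container.lower() for f in findings
               if f.kind == "file" and f.member is None and f.action == CLEANED}
    return sorted({f.member.lower() for f in findings
                   if f.member and f.action != CLEANED
                   and f.member.lower() in cleaned})


if __name__ == "__main__":
    results = parse_report(REPORT)
    for path, items in sorted(pending_containers(results).items()):
        print(path)
        for item in items:
            print("   still holds:", item.member, "(" + item.detection + ")")
    print("cleaned on disk but still inside a container:", recurring_members(results))
```

The three containers it reports are the objects the instructions in this thread go after by other means: `netut80ex.vxd` through Killbox, and the `Alset` and `Product Key & Activation Code Disable` folders by manual deletion in safe mode.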
Hi again! Thank you ever so much for all your help so far. It's so refreshing to have people like you in the world that actually care for others. Here are the three log files that you have requested. Many thanks! Matt

HijackThis:
Logfile of HijackThis v1.99.1 Scan saved at 22:52:26, on 28/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\Grisoft\AVG Free\avgcc.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: 
(no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131833152062 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configuratoreauto.cab O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - 
http://static.photobox.co.uk/sg/common/uploader.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: 
SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 22:26:47, 28/03/2006 + Report-Checksum: 85C6B678 + Scan result: C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Error during cleaning C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Error during cleaning C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Error during cleaning C:\!KillBox\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Error during cleaning C:\!KillBox\winrkp32.dll -> Downloader.Small.cml : Cleaned with backup :mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5y46oguv.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : 
Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85I309QN\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NBRV3G1P\wdinit64[1].exe -> Trojan.Dialer.u : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QZC1WDCJ\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QZC1WDCJ\wdinit64[2].exe -> Trojan.Dialer.u : Cleaned with backup C:\Downloaded Programmes\MS Office 2003\Product Key & Activation Code Disable\Anti-MSOPA.exe/Anti-MSOPA.exe -> Trojan.Agent.jh : Error during cleaning C:\WINDOWS\SYSTEM32\AdService.dll -> Downloader.Small.cml : Cleaned with backup ::Report End BLACKLIGHT 03/28/06 22:47:07 [Info]: BlackLight Engine 1.0.33 initialized 03/28/06 22:47:07 [Info]: OS: 5.1 build 2600 (Service Pack 2) 03/28/06 22:47:07 [Note]: 7019 4 03/28/06 22:47:07 [Note]: 7005 0 03/28/06 22:47:11 [Note]: 7006 0 03/28/06 22:47:11 [Note]: 7011 1296 03/28/06 22:47:13 [Note]: FSRAW library version 1.7.1015 03/28/06 22:49:56 [Note]: 7007 0
Ok, still something that must be done.

Fix this entry with HijackThis:
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Restart your computer to the safe mode.

Make your hidden files visible.

Delete this folder:
C:\Downloaded Programmes\MS Office 2003\-->Product Key & Activation Code Disable

Make your hidden files invisible.

And because you had so many infections, your computer must be scanned with eScan.

1. Download eScan from here and save it to your desktop -> http://www.spywareinfo.dk/download/mwav.exe
2. Double-click the file mwaw.exe (on your desktop) and unzip the program to its default location (C:\Kaspersky)
3. Close the eScan window.
4. Then go to the folder C:\Kaspersky and run a file called kavupd.exe. It will update the program. (If ZoneAlarm alerts about connections to this program, allow those)
5. When kavupd.exe has finished go to the folder C:\Downloads and press CTRL+A (Select all files) then press CTRL+C (Copy) and go to the folder C:\Kaspersky and press CTRL+V (Paste), overwrite files when asked.
6. Then go to the folder C:\Kaspersky and run a file named mwavscan. Check these options: Memory, Registry, Startup Folders, System Folders, Services, Drive -> All Local drives, Scan all files
7. Then press Scan Clean button.
9. When scan has finished, copy the results from the field in the scan window. Just copy those with your mouse and paste and save those with the Notepad to your desktop. Name it viruslog.txt (check this picture -> http://koti.mbnet.fi/pattaya1/eScan10.jpg )
10. Post the eScan's results (viruslog.txt) and one more HijackThis log to here.
Hi again!! Below are the files you have asked for. I've suddenly in the last 24 hours or so started to lose Internet connection. This is not when browsing, but when I've either been away from the computer for a LONG time or when I re-start it. I have to disconnect the modem to re-boot and wait for a while. Could this have anything to do with Zone Alarm or anything like that? I have just added two more computers to my wireless network, so that may be it. However they have Internet when I don't?!?! Thanks! Matt

Logfile of HijackThis v1.99.1 Scan saved at 19:14:25, on 29/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/Websites/mattblank.com/mattblank/email/offline.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 
7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131833152062 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.showroom@fiat.co.uk/components/ocx/autopricer/configuratoreauto.cab O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB O16 - DPF: 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM32\wowctl2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
KASPERSKY:
File C:\WINDOWS\system32\npwext32.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\nv4vcs.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\!KillBox\netut80ex.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\16BE0B37.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\31415717.dll infected by "Trojan.Win32.VB.jo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159173.exe tagged as not-a-virus:AdWare.Win32.EZula.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159174.exe tagged as not-a-virus:AdWare.Win32.NavExcel.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159176.exe tagged as not-a-virus:AdWare.Win32.SaveNow.c. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159177.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1076\A0159178.exe tagged as not-a-virus:AdWare.Win32.Exact.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159555.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159556.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159561.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159562.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159563.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159564.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159632.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159633.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1079\A0159634.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159726.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159727.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159728.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159729.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1080\A0159735.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1081\A0159979.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1082\A0159985.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1082\A0159993.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1082\A0160035.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160040.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160044.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160062.exe tagged as not-a-virus:AdWare.Win32.WinAD.b. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160063.dll tagged as not-a-virus:AdWare.Win32.WinAD.b. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160073.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160074.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160075.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160076.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160077.exe tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160078.vbs infected by "Trojan-Downloader.VBS.Small.f" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160079.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160081.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160082.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160084.exe tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160085.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160086.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160087.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.y. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160091.exe tagged as not-a-virus:AdWare.Win32.Xupiter.m. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160092.exe tagged as not-a-virus:AdWare.Win32.PowerScan.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160093.dll tagged as not-a-virus:AdWare.Win32.SideFind. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160094.dll tagged as not-a-virus:AdWare.Win32.WinAD. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160095.exe tagged as not-a-virus:AdWare.Win32.BlazeFind.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160096.dll tagged as not-a-virus:AdWare.Win32.BlazeFind.d. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160097.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160101.exe tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160102.exe tagged as not-a-virus:AdWare.Win32.BiSpy.f. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160103.exe tagged as not-a-virus:AdWare.Win32.180Solutions. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160105.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160106.dll tagged as not-a-virus:AdWare.Win32.BargainBuddy.j. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160107.exe tagged as not-a-virus:AdWare.Win32.BlazeFind.b. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160108.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160109.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160110.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160111.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160112.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160113.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160114.srg tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160115.dll tagged as not-a-virus:AdWare.Win32.BlazeFind.e. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160116.exe tagged as not-a-virus:AdWare.Win32.BlazeFind.a. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1083\A0160117.dll tagged as not-a-virus:AdWare.Win32.BiSpy.m. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1084\A0160300.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1084\A0160305.exe tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1084\A0160306.EXE tagged as not-a-virus:AdWare.Win32.HelpExpress. No Action Taken.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160771.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160772.exe infected by "Virus.Win32.Porad.a" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160775.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP1086\A0160776.dll infected by "Trojan.Win32.VB.jo" Virus. Action Taken: File Deleted.
File C:\WINDOWS\pss\OfficeTools.htaCommon Startup infected by "Trojan-Dropper.VBS.Inor.bt" Virus. Action Taken: File Deleted.
Ok, there were many malware programs in the system restore folder and eScan couldn't clean them.
Cleaning instructions:
Disable your system restore. Instructions -> http://service1.symantec.com/support/tsgeninfo.nsf/docid/2001111912274039
Run a scan with eScan again.
Post the results here.
Enable your system restore.
That ZoneAlarm problem: Have you set the internet lock on from ZoneAlarm's settings?
Hi again :) Only came back with this:
File C:\!KillBox\netut80ex.vxd tagged as not-a-virus:AdWare.Win32.BargainBuddy.q. No Action Taken.
Matt xx
Ok great, you are clean now. You had a keylogger on your computer, so I suggest that you change all your online passwords (they log keystrokes). That file eScan found is just a backup taken by Killbox. You can delete the folder C:\!KillBox now. Still having problems with connection?
Many thanks for all your help. This is great news :) I can't say how grateful I am to you!! Yeah, I am still having Internet problems. I think (and it's only a guess as it was a quick experiment and could have been coincidental) that it probably is Zone Alarm. I think it's got something to do with 'Internet Zone Security'. Should that be on High or Medium? On High it doesn't always seem to let me have access?!!?! Matt
You're welcome =)
Internet zone security should be "High".
Check that internet lock isn't on:
->Open ZoneAlarm
->Program Control
->Main
->Automatic lock <----is this on or off?
If it is on, ZoneAlarm will automatically lock your internet if your computer isn't in use.