GB Dialer(RESOLVED)

grahjack · #1 (**permalink**) 18-03-2006, 12:00 PM

Hello I am new to this forum and found you by searching on GB Dialer.
Please can you help I have become infected with GB Dialer, attached is my HijackThis log.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:25:31, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Graham\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link.../uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - http://69.50.173.166/1/rdgGB2404.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136149811671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.c...pcuploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Neal · #2 (**permalink**) 18-03-2006, 09:22 PM

Welcome to DAL,

I suggest you go into add/remove program and remove if present:

Spyware Nuker
AdwareAlert

Reboot if anything was removed

http://www.kaspersky.com/virusscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
*Now under select a target to scan:
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.

Then...

Please download, install, and update the NEW free version of Ewido trojan scanner:
[*]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
[*]When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
[*]From the main ewido screen, click on update in the left menu, then click the Start update button.
[*]After the update finishes (the status bar at the bottom will display "Update successful")
[*]Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
[*]If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
[*]When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please.

We need:

1. New hijackthis log

2. Kaspersky scan log

3. Ewido scan log

Thanks

grahjack · #3 (**permalink**) 19-03-2006, 05:08 PM

Thank you for your help Neal.

Logfile of HijackThis v1.99.1
Scan saved at 16:02:28, on 19/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Graham\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link.../uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - http://69.50.173.166/1/rdgGB2404.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136149811671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.c...pcuploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

KASPERSKY ON-LINE SCANNER REPORT
Sunday, March 19, 2006 10:13:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/03/2006
Kaspersky Anti-Virus database records: 182846

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 67719
Number of viruses found 14
Number of infected objects 102
Number of suspicious objects 0
Duration of the scan process 00:35:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Graham\Desktop\Access Members Area.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\01Y3OTMN\wdinit64[1].exe Infected: Trojan.Win32.Dialer.oy skipped

C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\8X6NCTM3\wdinit64[1].exe Infected: Trojan.Win32.Dialer.oy skipped

C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\GPUZC5YF\wdinit64[1].exe Infected: Trojan.Win32.Dialer.oy skipped

C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\WLUNKHU3\rdgGB2404[1].exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Documents and Settings\Mark\Desktop\Access Members Area.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\FMRP1PFR\rdgGB2404[1].exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\Q8YTN5OO\wdinit64[1].exe Infected: Trojan.Win32.Dialer.oy skipped

C:\Documents and Settings\Mark\My Documents\wow\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\Mark\My Documents\wow\mirc616.exe mIRC: infected - 1 skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\851CCA08-A0F6-4BF3-B280-205C16\694A182C-F204-4C40-AA9A-453958 Infected: not-a-virus:AdWare.Win32.180Solutions.q skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD725E0.exe Infected: not-a-virus:Porn-Dialer.Win32.Agent.z skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDB4FDD Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDE79D9.dll Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDE79D9.exe Infected: Trojan-Dropper.Win32.Agent.aiq skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\166C12BB.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CE95799.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\232812CA.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38AC2DCE Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38AC2DCE.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\53E53DFB.exe Infected: Trojan-Dropper.Win32.Agent.aiq skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\796355D6.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\RECYCLER\NPROTECT\00000081.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP156\A0102971.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream/data0015 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream/data0016 Infected: not-a-virus:AdWare.Win32.MyWay.j skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream/data0017 Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP237\A0126224.exe Infected: Email-Worm.Win32.VB.an skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP243\A0127741.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP243\A0127743.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127862.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127865.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127925.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127926.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127950.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP246\A0127963.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128042.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128043.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128044.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128045.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128126.dll Infected: Trojan-Downloader.Win32.Small.cml skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128131.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128134.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128136.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128137.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128138.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128140.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128142.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128144.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128145.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128151.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128258.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128260.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128297.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128303.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128322.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128323.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128326.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128334.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128335.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128337.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128341.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128342.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128369.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128389.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128390.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128399.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128402.dll Infected: not-a-virus:AdWare.Win32.Agent.c skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128404.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128416.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128434.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128437.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128438.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128439.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128489.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128492.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128496.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128499.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128500.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128563.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128565.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128566.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128567.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128568.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128569.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128570.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128571.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128580.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128581.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128583.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128592.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128593.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128598.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128602.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128611.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128621.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\WINDOWS\system32\winopn32.dll Infected: Trojan-Downloader.Win32.Small.cml skipped

C:\WINDOWS\Temp\win1448.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\WINDOWS\Temp\win5DB.tmp.exe Infected: Trojan.Win32.Dialer.oy skipped

Scan process completed.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:42:47, 19/03/2006
+ Report-Checksum: 30858EBD

+ Scan result:

[748] C:\WINDOWS\system32\winopn32.dll -> Downloader.Small.cml : Cleaned with backup
[2744] C:\WINDOWS\TEMP\win5DB.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Graham\Cookies\graham@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Graham\Desktop\Access Members Area.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\01Y3OTMN\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\57ZNHDGE\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\8X6NCTM3\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\8X6NCTM3\wdinit64[2].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\GPUZC5YF\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\WLUNKHU3\rdgGB2404[1].exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mark\Desktop\Access Members Area.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\FMRP1PFR\rdgGB2404[1].exe -> Dialer.GBDialer.d : Cleaned with backup
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\Q8YTN5OO\wdinit64[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Shirley\Cookies\shirley@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Shirley\Cookies\shirley@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Shirley\Cookies\shirley@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\851CCA08-A0F6-4BF3-B280-205C16\694A182C-F204-4C40-AA9A-453958 -> Adware.180Solutions : Cleaned with backup
C:\RECYCLER\NPROTECT\00000081.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00000099.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00000240.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\system32\winopn32.dll -> Downloader.Small.cml : Cleaned with backup
C:\WINDOWS\Temp\win1448.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win5DB.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup

::Report End

Thank You

Neal · #4 (**permalink**) 19-03-2006, 06:01 PM

Welcome back,

Please print these instructions out for later use

Looks like Ewido probably got most of the problem, still more to do.

Go to Start > All Programs > Windows Defender./Disable for the time being please

This will open up the WD window... in the toolbar across the top there is a little down pointing arrow next to the question mark icon, if the user clicks on that they will get a drop down list and one of the options is to exit Windows Defender. Click on that and you will get a pop up asking if you are sure you want to exit.

To start it up again then all you need to do is go to Start > All Programs > Windows Defender and it will start running again.

Please do not run this tool just yet please, just install
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main check all EXCEPT COOKIES
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and check everything EXCEPT FIREFOX COOKIES AND FIREFOX SAVED PASSWORDS
Click the Empty Selected button.

If you use Opera browser

Click Opera at the top and check everything EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download Clean.bat to your desktop(Save page as or Save as): for later use to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat

Scan with HJT again and put a check next to these items, making sure all browser windows are closed includeing this one so print this or create a new text document on desktop by right clicking an open area select new text document and save it to what ever you like. Now put a check next to these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - http://69.50.173.166/1/rdgGB2404.exe

O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)

Again make sure all browser windows are closed and click FIX

Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.

Hunt for and delete if present:

rdgGB2404.exe < file
winopn32.dll < file

Search for and delete ALL FOLDER occurrences of Content.ie5 to clean up all 'Temporary Internet Files' content.

Now run the ATF cleaner per instructions above

Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter each time you type in "Y" until black box disappears.

Then reboot normal mode and rescan with Kaspersky

Also rescan with Ewido but from safe mode this time please.

Please do the Ewido safe mode scan first

Post those logs and a new hijackthis log as well. Thanks

grahjack · #5 (**permalink**) 20-03-2006, 07:01 PM

Appears to have removed GB Dialer -Thank You

Please find following log files:

KASPERSKY ON-LINE SCANNER REPORT
Sunday, March 19, 2006 6:49:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/03/2006
Kaspersky Anti-Virus database records: 182894

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 65070
Number of viruses found 14
Number of infected objects 96
Number of suspicious objects 0
Duration of the scan process 00:36:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Mark\My Documents\wow\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\Mark\My Documents\wow\mirc616.exe mIRC: infected - 1 skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD725E0.exe Infected: not-a-virus:Porn-Dialer.Win32.Agent.z skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDB4FDD Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDE79D9.dll Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CDE79D9.exe Infected: Trojan-Dropper.Win32.Agent.aiq skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\166C12BB.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CE95799.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\232812CA.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38AC2DCE Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38AC2DCE.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\53E53DFB.exe Infected: Trojan-Dropper.Win32.Agent.aiq skipped

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\796355D6.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\RECYCLER\NPROTECT\00000251.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\RECYCLER\NPROTECT\00000258.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\RECYCLER\NPROTECT\00000262 Infected: not-a-virus:AdWare.Win32.180Solutions.q skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP156\A0102971.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream/data0015 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream/data0016 Infected: not-a-virus:AdWare.Win32.MyWay.j skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream/data0017 Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe/stream Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP185\A0118592.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP237\A0126224.exe Infected: Email-Worm.Win32.VB.an skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP243\A0127741.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP243\A0127743.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127862.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127865.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127925.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127926.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP245\A0127950.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP246\A0127963.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128042.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128043.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128044.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP247\A0128045.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128126.dll Infected: Trojan-Downloader.Win32.Small.cml skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128131.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128134.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128136.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128137.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128138.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128140.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128142.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128144.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128145.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128151.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128258.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128260.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128297.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128303.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128322.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128323.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128326.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128334.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128335.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128337.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128341.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128342.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP248\A0128369.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128389.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128390.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128399.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP249\A0128402.dll Infected: not-a-virus:AdWare.Win32.Agent.c skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128404.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128416.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128434.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128437.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128438.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128439.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128489.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128492.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128496.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128499.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128500.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128563.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128565.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128566.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128567.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128568.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128569.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128570.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128571.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128580.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128581.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128583.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128592.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128593.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128598.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128602.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128611.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128621.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128626.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128627.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128628.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

C:\System Volume Information\_restore{FAD31253-1C6F-4667-9D3B-0B60ECC5D88D}\RP250\A0128631.dll Infected: Trojan-Downloader.Win32.Small.cml skipped

Scan process completed.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:02:19, 19/03/2006
+ Report-Checksum: C203FBA0

+ Scan result:

C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\mark@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\RECYCLER\NPROTECT\00000251.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00000252.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000253.TXT -> TrackingCookie.Adrevolver : Cleaned with backup
C:\RECYCLER\NPROTECT\00000254.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00000255.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000256.TXT -> TrackingCookie.Paypopup : Cleaned with backup
C:\RECYCLER\NPROTECT\00000257.TXT -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00000258.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00000259.TXT -> TrackingCookie.Burstnet : Cleaned with backup
C:\RECYCLER\NPROTECT\00000260.TXT -> TrackingCookie.Tacoda : Cleaned with backup
C:\RECYCLER\NPROTECT\00000261.TXT -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\RECYCLER\NPROTECT\00000262 -> Adware.180Solutions : Cleaned with backup
C:\RECYCLER\NPROTECT\00000309.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000310.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000311.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000312.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000313.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000314.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000315.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000317.TXT -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00000324.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000325.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000326.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000327.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000328.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000329.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000330.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000331.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000332.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000335.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000336.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000337.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000348.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000349.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000350.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000352.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000353.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000354.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000357.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000358.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000359.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000362.TXT -> TrackingCookie.Burstnet : Cleaned with backup
C:\RECYCLER\NPROTECT\00000363.TXT -> TrackingCookie.Yadro : Cleaned with backup
C:\RECYCLER\NPROTECT\00000364.TXT -> TrackingCookie.Yadro : Cleaned with backup
C:\RECYCLER\NPROTECT\00000365.TXT -> TrackingCookie.Hotlog : Cleaned with backup
C:\RECYCLER\NPROTECT\00000366.TXT -> TrackingCookie.Hotlog : Cleaned with backup
C:\RECYCLER\NPROTECT\00000367.TXT -> TrackingCookie.Hotlog : Cleaned with backup
C:\RECYCLER\NPROTECT\00000369.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000370.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000371.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000372.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000376.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000377.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000378.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000379.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000380.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000381.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000382.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000383.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000384.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000392.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000393.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000394.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000453.TXT -> TrackingCookie.Burstnet : Cleaned with backup
C:\RECYCLER\NPROTECT\00000467.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000468.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000469.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000470.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000471.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000472.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000473.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000476.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000479.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000480.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000481.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000482.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000483.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000484.TXT -> TrackingCookie.Euroclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00000494.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000498.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000533.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000534.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000535.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000536.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000537.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000538.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000539.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000540.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000541.TXT -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00000603.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00000604.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 17:53:58, on 20/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Graham\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link.../uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136149811671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.bootsdigitalphotocentre.c...pcuploader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Neal · #6 (**permalink**) 20-03-2006, 07:53 PM

Hi,

Did you install MIRC chat thingy on your computer, let me know. Kaspersky sometimes flags that as infected and is a false alarm. If you did not install that program then we will need to go after it.

A bunch of those Kaspersky results is under system restore and we will get rid of that as a final step.

Empty your Norton quarantine/delete.

Empty recycle Bin.

How is your computer behaving now?

grahjack · #7 (**permalink**) 20-03-2006, 08:19 PM

Hello Neal,

Yes I installed MIRC.
Have emptied Norton Quarantine and Recycle bin
All now appears to be OK, the dialer has not reappeared since I ran Ewido yesterday

Thanks

Graham

Neal · #8 (**permalink**) 20-03-2006, 08:31 PM

Great news, here are some tips and free security programs for you to consider, also instructions for flushing your system restore.

So here you go...

If you are no longer having any more trouble here is some preventative measures for you.

Here are some preventive measures you can take to keep your computer from getting infected again. also keep all these and Ad-awareSE and SpybotS&D updated.

http://forums.thatcomputerguy.us/ind...showtopic=1190

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.

Explained here:
Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Microsoft ME:

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

RegProtect

This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

You have the option of allowing(good) items or blocking(bad)items.

http://www.diamondcs.com.au/index.php?page=regprot

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp

2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1

Avast: http://www.avast.com/eng/avast_4_home.html

3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
MS Antispyware beta: http://www.microsoft.com/athome/secu...e/default.mspx

4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm

OutPost Personal Firewall:
Outpost

5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: www.mozilla.org/products/firefox/

6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

http://www.javacoolsoftware.com/spywareblaster.html

If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/

IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm

*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free