Trojan Virus(RESOLVED)

herndy_1 · #1 (**permalink**) 31-05-2006, 07:50 PM

What can I do about this?

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.ByteVerify
File: C:\DOCUME~1\Evan\LOCALS~1\Temp\AAWTMP\C619796\1601 A\javainstaller\InstallerApplet.class
Location: C:\DOCUME~1\Evan\LOCALS~1\Temp\AAWTMP\C619796\1601 A\javainstaller
Computer: HERNDON
User: Evan
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Wednesday, May 31, 2006 2:32:27 PM

It popped up while running a regular ad-aware scan today. This is not the first time I have received one of these messages from my Symantec Antivirus.

Neal · #2 (**permalink**) 31-05-2006, 11:22 PM

Welcome to DAL,

Go here and get hijackthis and post that log but before you do do the scans indicated below and post logs from both scanners plus a hijackthis log.

Read This First - IMPORTANT Instructions

Not sure what operating system you have yet but Ewido only works on 2000 and XP.

Please download, install, and update the NEW free version of Ewido trojan scanner:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please and a new hijackthis log. Thanks.

Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..

herndy_1 · #3 (**permalink**) 01-06-2006, 01:42 AM

Ok, here is my ewido scan:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:26:12 PM, 5/31/2006
+ Report-Checksum: 72087ACE

+ Scan result:

:mozilla.15:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Commission-junction : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Craig\Application Data\Mozilla\Firefox\Profiles\hv8p1onm.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Craig\Cookies\craig@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Craig\Cookies\craig@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Craig\Cookies\craig@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\iv0gnarb.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Evan\Cookies\evan@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\d1v4u6c2.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Seth\Application Data\Mozilla\Firefox\Profiles\r6cincws.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Seth\Application Data\Mozilla\Firefox\Profiles\r6cincws.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Seth\Cookies\seth@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Seth\Cookies\seth@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Seth\Cookies\seth@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tricia\Cookies\tricia@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Adware.WinAD : Cleaned with backup

::Report End

AND HERE IS MY HIJACK LOG:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:01 PM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.d ll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.d ll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111629887659
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1414B5F-D10D-497A-B9F2-B52C3BAB2C92}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

herndy_1 · #4 (**permalink**) 01-06-2006, 04:38 AM

Here are my BitDefender Online Scan Results:

BitDefender Online Scanner
Scan report generated at: Wed, May 31, 2006 - 22:15:17
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time
01:20:41

Files
687960

Folders
5083

Boot Sectors
5

Archives
3889

Packed Files
93208

Results

Identified Viruses

Infected Files
3

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
3

Engines Info

Virus Definitions
385525

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
40

Unpack plugins

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File

Status

C:\Documents and Settings\Craig\Favorites\Search the web.url

Infected with: Trojan.Downloader.Agent.BQ

C:\Documents and Settings\Craig\Favorites\Search the web.url

Disinfection failed

C:\Documents and Settings\Craig\Favorites\Search the web.url

Deleted

C:\Documents and Settings\Kyle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav ainstaller.jar-3c936701-7e7315d2.zip

Infected with: Trojan.Downloader.Java.Openstream.W

C:\Documents and Settings\Kyle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav ainstaller.jar-3c936701-7e7315d2.zip

Disinfection failed

C:\Documents and Settings\Kyle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav ainstaller.jar-3c936701-7e7315d2.zip

Deleted

C:\System Volume Information\_restore{29A2E68D-E6DA-4DE5-A5A8-6ED6227E5DE9}\RP454\A0120301.dll

Infected with: Trojan.Winad.23040.DLL

C:\System Volume Information\_restore{29A2E68D-E6DA-4DE5-A5A8-6ED6227E5DE9}\RP454\A0120301.dll

Disinfection failed

C:\System Volume Information\_restore{29A2E68D-E6DA-4DE5-A5A8-6ED6227E5DE9}\RP454\A0120301.dll

Deleted

Here is my latest HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:29 PM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.d ll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.d ll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111629887659
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1414B5F-D10D-497A-B9F2-B52C3BAB2C92}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

herndy_1 · #5 (**permalink**) 01-06-2006, 04:55 AM

After you tell me what to fix for the virus, if anything, you will have to tell me what anti-malware, spyware, virus programs etc to delete.

Right now I have:
Symantec Antivirus
Windows Defender
Spybot
Adaware
Ewido
Hijackthis
Norton Ghost

Neal · #6 (**permalink**) 01-06-2006, 05:17 AM

Hi,

All those programs you have are fine but Norton is a resource hog.

Clear out your SunJava cache:

http://www.java.com/en/download/help/5000020300.xml

Then:

To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner

Don't install any Toolbars, or other programs, should it ask you!Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.

Then Reboot (Exit)

Post a new hijackthis log and tell me how your computer is running now please.

herndy_1 · #7 (**permalink**) 01-06-2006, 05:36 AM

Here is my new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:31:49 AM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RioMSC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Updater.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.d ll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.d ll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111629887659
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1414B5F-D10D-497A-B9F2-B52C3BAB2C92}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

My computer seems to be running well. It started up quickly, and I haven't really been experiencing any problems lately. I actually had another HJT post going here which tells all about the problems I WAS having. I think I just caught the remains of the virus causing my problems today, and it seems as if they have all been found and deleted. I will keep you up-to-date.

Thank you very much. You guys are awesome. Seriously.
Evan

Neal · #8 (**permalink**) 01-06-2006, 09:26 PM

That's great news, thanks for stopping by,

If you are no longer having any more trouble here is some preventative measures for you.

Here are some preventive measures you can take to keep your computer from getting infected again. also keep all these and Ad-awareSE and SpybotS&D updated.

Read This First - IMPORTANT Instructions

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.

Explained Here:
Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Explained Here
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

RegProtect

This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

You have the option of allowing(good) items or blocking(bad)items.

http://www.diamondcs.com.au/index.php?page=regprot

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp

2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1

Avast: http://www.avast.com/eng/avast_4_home.html

3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
Windows Defender

http://www.microsoft.com/athome/secu...e/default.mspx

4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm

OutPost Personal Firewall:
Outpost

5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: www.mozilla.org/products/firefox/

6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

http://www.javacoolsoftware.com/spywareblaster.html

If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/

IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm

Block access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.

Mcafee SiteAdvisor

Surf the Net safer with SiteAdvisor, SiteAdvisor notifies you of safe sites or dangerous sites before you ever go there with a simple green check or a red x or a yellow caution when you do a Google search. Just put your cursor on the green check or red X or caution and recieve information about the site.

SiteAdvisor works with Internet Explorer and FireFox.

SiteAdvisor

See what it looks like Here

*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free