Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

is this infection still on my Pc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

is this infection still on my Pc

Unread postby mullard » November 23rd, 2006, 5:37 pm

Hi Iam new to this? but here goes.
On the 19th nov ZoneAlarm Security Stuite told me I was infected with this virus Win32.Clspring!generic and the Quarantine failed.

So I ran ZoneAlarm anti-virus / anti-spyware again and it came up clean.

Is this Win32.Clspring!generic still on my Pc.
this is my hijack log, Help welcome.

Logfile of HijackThis v1.99.1
Scan saved at 00:44:08, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Tevion\PVR Plus\TVR\Scheduled.exe
C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tevion\TV713X\P3XRCtl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BandwidthMeter\BandwidthMeter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcadvisor.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PC Advisor
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Tevion\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Tevion\TV713X\P3XRCtl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcadvisor.co.uk
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9356823656
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37710.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Ç-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND
Advertisement
Register to Remove

is this infection still on my Pc

Unread postby mullard » November 23rd, 2006, 5:58 pm

Sorry I should have said.
I have also ran Ad-Aware SE Personal, Spybot-Search & Destory they both told me my system was ok.

also ran SpywareBlaster, CCleaner.
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND

Unread postby mullard » November 23rd, 2006, 8:57 pm

update


KASPERSKY ONLINE SCANNER REPORT


Thursday, November 23, 2006 11:39:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/11/2006
Kaspersky Anti-Virus database records: 245058
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 53841
Number of viruses found 3
Number of infected objects 25 / 0
Number of suspicious objects 0
Duration of the scan process 00:36:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\cert8.db Object is locked skipped
C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\history.dat Object is locked skipped
C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\key3.db Object is locked skipped
C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\parent.lock Object is locked skipped
C:\Documents and Settings\les\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\11067B04d01/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\11067B04d01/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\11067B04d01 NSIS: infected - 2 skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\14067B04d01/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\14067B04d01/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\14067B04d01 NSIS: infected - 2 skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\17057B04d01/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\17057B04d01/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\17057B04d01 NSIS: infected - 2 skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\les\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Temp\Perflib_Perfdata_73c.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avz skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe/stream/data0007 Infected: Trojan-Downloader.Win32.Zlob.awu skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe/stream Infected: Trojan-Downloader.Win32.Zlob.awu skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe NSIS: infected - 3 skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe UPX: infected - 3 skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe PE_Patch.UPX: infected - 3 skipped
C:\Documents and Settings\les\ntuser.dat Object is locked skipped
C:\Documents and Settings\les\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Yazzle1461OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109553.exe/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109553.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109553.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109554.exe/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109554.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109554.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109555.exe/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109555.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109555.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6E06E37B-328A-48C5-8B8F-FD3094CC8FAA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\change.log Object is locked skipped
Scan process completed.
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND

Unread postby Linkmaster » November 24th, 2006, 8:09 am

Hi mullard, Welcome to MalWare Removal !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

I need you to download some programs to aide in our fix :Do Not Run Them Yet

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware

Reboot to Normal Mode

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log, the AVG Anti-Spyware Log, and the Kaspersky Virus Scan Log here

Thank You !!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby mullard » November 24th, 2006, 4:18 pm

Linkmaster thank you.

Here are the Logs you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 20:01:38, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Tevion\PVR Plus\TVR\Scheduled.exe
C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tevion\TV713X\P3XRCtl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BandwidthMeter\BandwidthMeter.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\les\My Documents\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcadvisor.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PC Advisor
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Tevion\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Tevion\TV713X\P3XRCtl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcadvisor.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9356823656
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37710.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Ç-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:06:37 24/11/2006

+ Scan result:



C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\DAF1E752d01 -> Adware.DriveCleaner : Cleaned.
C:\Program Files\Common Files\Yazzle1461OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
:mozilla.15:C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.16:C:\Documents and Settings\les\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.


::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 24, 2006 8:00:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/11/2006
Kaspersky Anti-Virus database records: 245252
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 53708
Number of viruses found: 3
Number of infected objects: 25 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\les\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\11067B04d01/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\11067B04d01/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\11067B04d01 NSIS: infected - 2 skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\14067B04d01/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\14067B04d01/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\14067B04d01 NSIS: infected - 2 skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\17057B04d01/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\17057B04d01/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache\17057B04d01 NSIS: infected - 2 skipped
C:\Documents and Settings\les\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\History\History.IE5\MSHist012006112420061125\index.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Temp\Perflib_Perfdata_194.dat Object is locked skipped
C:\Documents and Settings\les\Local Settings\Temp\~DF82A8.tmp Object is locked skipped
C:\Documents and Settings\les\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.avz skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe/stream/data0007 Infected: Trojan-Downloader.Win32.Zlob.awu skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe/stream Infected: Trojan-Downloader.Win32.Zlob.awu skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe NSIS: infected - 3 skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe UPX: infected - 3 skipped
C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe PE_Patch.UPX: infected - 3 skipped
C:\Documents and Settings\les\ntuser.dat Object is locked skipped
C:\Documents and Settings\les\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\les\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109553.exe/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109553.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109553.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109554.exe/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109554.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109554.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109555.exe/data0003/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109555.exe/data0003 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP410\A0109555.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP411\A0110723.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP411\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\GATEWAY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B6AE789C-0028-47BE-90C2-D6E723E4E33D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT06987.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT069bc.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Thanks again

Regards Mullard
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND

Unread postby Linkmaster » November 24th, 2006, 10:17 pm

Open Windows Explorer, locate and Delete the following folders or files in RED : (if present)

C:\Documents and Settings\les\My Documents\downloads\ppmanager.1035.exe

Empty the contents of this folder :

C:\Documents and Settings\les\Local Settings\Application Data\Mozilla\Firefox\Profiles\v2gmqmx1.default\Cache

Empty your Recycle Bin

Post a fresh HijackThis log and let me know how your system is running now ??
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby mullard » November 25th, 2006, 9:56 am

Hi Linkmaster

Have delete the folders/files you asked about.

I am testing my system now, will keep you up to date if I have any Problems.

This is my lastest hijackthis Log (3)

Logfile of HijackThis v1.99.1
Scan saved at 13:39:59, on 25/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Tevion\PVR Plus\TVR\Scheduled.exe
C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tevion\TV713X\P3XRCtl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BandwidthMeter\BandwidthMeter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\les\My Documents\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcadvisor.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PC Advisor
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Tevion\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Tevion\TV713X\P3XRCtl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcadvisor.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9356823656
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37710.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Ç-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE


Regards M
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND

Unread postby Linkmaster » November 25th, 2006, 10:20 am

Your log seems to be OK now !!

Just one more thing :
**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

How is your system running now ??

Here are a few tools that I recommend for protecting your system and reduce the risk of infection again !!

Real Time Prevention
SpywareBlaster© by Javacool Software :
*Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests
*Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
*Restrict the actions of potentially dangerous sites in Internet Explorer.
*Consumes no system resources

*Download, run, check for updates, download updates, select all, protect against checked. All done
*Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Good Free Antivirus Programs:
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE:Remember always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs !! You can use one as a backup to run manually

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are go to GRC
Scroll down to "Shields Up" Click on "Proceed" Then click on "Common Ports"to scan your ports.
Free Personal Firewalls :
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Outpost Firewall Free© by Agnitum Ltd
Jetico Personal Firewall© by Jetico, Inc.

Alternative Browsers :
Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness
FireFox© by Mozilla
Opera© by Opera Software ASA

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Using these tools and keeping them updated will reduce the risk of future infections!!

Do you have any questions??
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby mullard » November 25th, 2006, 1:39 pm

Update

Before your last post I ran AVG Anti-Spyware in safe mode here is the report log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:37:06 25/11/2006

+ Scan result:



C:\System Volume Information\_restore{CDE9CBBA-A5A5-4A93-9EF1-25FB8F2AAD96}\RP411\A0110723.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).


::Report end

I have turn off system restore/reboot,
turn it back on/reboot.

Ran Zone Alarm Security Suite, came up clean.

Is it safe to have Zone Alarm Security Suite and AVG Anti-Spyware running at the same time.

Thank you for All the links, I have most of them on my system, before this problem came up, but thanks away.

I have (always on internet connection Cable)
also have a home network, all the PCs have firewall, Anti-Viris,Anti-Spyware running all the time, could they have been infected by this PC.

Regards Mullard
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND

Unread postby Linkmaster » November 26th, 2006, 10:24 am

You are very Welcome !!

Is it safe to have Zone Alarm Security Suite and AVG Anti-Spyware running at the same time

As long as you have just 1 antivirus running at a time !

I have (always on internet connection Cable)
also have a home network, all the PCs have firewall, Anti-Viris,Anti-Spyware running all the time, could they have been infected by this PC

If you Share files and printers, it is possible !! I share my internet through a router but NOT files or the printers !
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby mullard » November 26th, 2006, 10:43 am

Linkmaster

Many thanks for your time and help, this will not be forgotten.

Regards Mullard
mullard
Active Member
 
Posts: 7
Joined: November 23rd, 2006, 4:37 pm
Location: ENGLAND

Unread postby Linkmaster » November 26th, 2006, 11:04 am

You are very Welcome !!
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby Nellie2 » November 26th, 2006, 4:02 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware