HijackThis Log


Post by Bette » September 22nd, 2005, 2:31 pm

I've run Norton, Microsoft antiSpyware and ad-aware, then disconnected and ran HJT. My main prob is svp.contextuad appearing in my history. My Norton log has ad ware, spyware and malware that won't remove itself. I'd be really chuffed if anyone could help!


Logfile of HijackThis v1.99.1
Scan saved at 19:16:48, on 22/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [5253d066dd5b] C:\WINDOWS\System32\cards470.exe
O4 - HKLM\..\Run: [NcQVxaCCaüžigÃ
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Post by Woody_J » September 24th, 2005, 2:29 am

Hi Bette,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.

If you can do those three things, everything should go smoothly :D



Spybot S & D is available from here.

  1. Download and Install Spybot S&D (if you haven't already), accept the Default Settings
  2. In the Menu Bar at the top of the Spybot window you will see 'Mode'.
    Make certain that 'default mode' has a check mark beside it.
  3. Close ALL windows except Spybot S&D
  4. Click the button to ‘Search for Updates’ then download and install the updates.
  5. Next click the button 'Check for Problems'
  6. When Spybot is complete, it will be showing 'RED' entries, bold 'BLACK' entries and 'GREEN' entries in the window
  7. Make certain there is a check mark beside all of the RED entries ONLY.
  8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
  9. REBOOT normally to complete the scan and clear memory.



Please run HJT again, and repost a new log :D

Regards,

Woody_J
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA

Post by Bette » September 24th, 2005, 4:18 am

Thanks for your help. It picked up quite a few things!!!!
Here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 09:15:45, on 24/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [NcQVxaCCaüžigÃ
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm
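
An added example, not part of the thread and not code from HijackThis: a small Python parser that compares the O4 (autorun) lines of two HijackThis logs, here abridged from the first two logs posted above, to show which startup entries a cleanup pass removed and which persist. The function names and the temp-directory check are this example's own assumptions; the check is a triage heuristic, not a verdict on any entry.

```python
import re
from typing import NamedTuple

# Abridged from the two logs posted in this thread (a few lines each, trimmed).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:16:48, on 22/09/2005
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [5253d066dd5b] C:\WINDOWS\System32\cards470.exe
O4 - HKLM\..\Run: [NcQVxaCCa
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:15:45, on 24/09/2005
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [NcQVxaCCa
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autoruns look like "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

# Assumption of this example: directory names treated as "temporary".
TEMP_DIRS = {"temp", "tmp"}


class Autorun(NamedTuple):
    key: str
    name: str
    command: str


def parse_autoruns(log_text):
    """Return (parsed O4 registry autoruns, O4 lines that could not be parsed).

    Truncated lines, like the cut-off last entry in the posted logs, are kept
    in the second list instead of being silently dropped.
    """
    entries, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry or entry.group(1) != "O4":
            continue
        run = RUN_RE.match(entry.group(2))
        if run:
            entries.append(Autorun(run["key"], run["name"], run["command"]))
        else:
            unparsed.append(line)
    return entries, unparsed


def _identity(entry):
    # Windows paths and registry keys are case-insensitive; value names are
    # compared exactly so near-duplicate names stay distinct.
    return (entry.key.lower(), entry.name, entry.command.lower())


def diff_autoruns(before, after):
    """Classify autoruns as removed, added or persisting between two scans."""
    before_ids = {_identity(e) for e in before}
    after_ids = {_identity(e) for e in after}
    return {
        "removed": [e for e in before if _identity(e) not in after_ids],
        "added": [e for e in after if _identity(e) not in before_ids],
        "persisting": [e for e in before if _identity(e) in after_ids],
    }


def runs_from_temp(command):
    """Heuristic: is the program's directory path inside a temp folder?"""
    parts = command.lower().split("\\")
    return any(part in TEMP_DIRS for part in parts[:-1])


if __name__ == "__main__":
    before, bad_before = parse_autoruns(LOG_BEFORE)
    after, bad_after = parse_autoruns(LOG_AFTER)
    result = diff_autoruns(before, after)
    for label in ("removed", "added", "persisting"):
        for e in result[label]:
            flag = "  <- starts from a temp directory" if runs_from_temp(e.command) else ""
            print(f"{label:10} [{e.name}] {e.command}{flag}")
    for line in bad_before + bad_after:
        print("unparsed  ", line)
```
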

Post by Woody_J » September 25th, 2005, 2:21 am

Hi Bette,


I see that you have Microsoft AntiSpyware installed. While this is a good program,
we need to disable your Microsoft AntiSpyware Real-time Protection
as it may interfere with the fixes that we need to make.
  • Open Microsoft AntiSpyware.
  • Click on Tools, then click Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Should I forget to remind you, please reverse the process when you’ve carried out the advice.



Ewido Security Suite Trial can be downloaded here.
When installing ewido, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
Run and update the program but do not scan with it yet.



Are your Norton virus definitions up to date?
If not, please run ‘Live Update’ and install all available.
Run a full system scan with latest definitions, and fix anything it finds.



In addition to the full Norton update and scan,

Run one (or both) of the following online scans:

Run Trendmicro Housecall
Select the 'Autoclean' option. Please tell me of any files it can't clean.

Run Panda ActiveScan
Please save the log it generates, I will need you to post it back here.



Reboot into SAFE MODE
  • Click here if you need help booting into safe mode.

    By pressing the F8 key right when Windows starts, usually right after you hear your computer
    beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
    you will be brought to a menu where you can choose to boot into safe mode.

    If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

    I have found that during boot up, right after the computer displays the equipment, memory, etc.
    installed on your computer, if you start lightly tapping the F8 key you will usually be
    able to get to the desired menu.



With ALL OTHER WINDOWS CLOSED, run a full Ewido scan from safe mode, and note any problems you experience.

While scanning in safe mode, do not open any explorer windows or any other windows

To run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop

Close Ewido



REBOOT NORMALLY



Please post back with the Ewido log, any information from the online scan(s), along with a
fresh HJT log, and we’ll see what’s left.


Regards,

Woody_J
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA

Post by Bette » September 25th, 2005, 7:00 am

Nothing happens when I click to update Ewido. On the bottom of the window on the left it says update.ewido.net not found.
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Post by Bette » September 25th, 2005, 8:02 am

Forget the last post. I've done the updates. Here are the logs.

The Trendmicro Scan cleaned everything it picked up.

Panda Active Scan:

Incident Status Location

Adware:adware/gator No disinfected C:\Documents and Settings\Ben Davies\Local Settings\Temp\bundle.inf
Adware:adware/iedriver No disinfected C:\WINDOWS\SYSTEM32\terabyte.exe
Adware:adware/savenow No disinfected Windows Registry
Adware:Adware/MediaBack No disinfected C:\Program Files\HJT\backups\backup-20050922-162706-720.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\amstream.exe
Virus:Trj/Qukart.G Disinfected C:\WINDOWS\system32\Bcflfa32.dll
Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat
Virus:Trj/Qukart.G Disinfected C:\WINDOWS\system32\Cgogjm32.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRCTYF\casino-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRCTYF\dating[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRCTYF\drugs[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTYRKLIV\dating-ico[1].bmp
Virus:Trj/Multidropper.KH Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\all_files10[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\drugs-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\fav-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\fav[1].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UF897VG9\virus[2].bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDUZCXQB\casino[1].bmp
Adware:Adware/Sqwire No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDUZCXQB\tsupdate[1].ini
Virus:Trj/Qukart.G Disinfected C:\WINDOWS\system32\Ebgekgij.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\iehost34.exe
Adware:Adware/MediaBack No disinfected C:\WINDOWS\system32\mimecore.dll
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\pinstaller.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\terabyte.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\unwise56.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:52:55, 25/09/2005
+ Report-Checksum: F0E56BA5

+ Scan result:

:mozilla.69:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.70:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
:mozilla.71:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-1316815812-1565260261-2965699071-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{120E090D-9136-4B78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\phmsgs9j.Default User\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Ben Davies\Application Data\Mozilla\Firefox\Profiles\wgchvjhr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfk4ghd5wbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfk4onajgkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkiamd5obo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkighcjilq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkikkdjgdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkiwocpcgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkocgd5iko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkoepajehp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfkychcpefo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wflokldjseo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wflooncjigp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmichcjwgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmichdpggq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmiqpczwap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmiugczifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wfmykndzalo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wgkyaocpclo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wgkycoajcgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjk4cod5odp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjk4emczmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjkosldpshq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjl4gpcpoao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjl4shdzibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlikhdjseo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlookczskp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjloqgajiep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlougdjekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjlycjdzolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmisicpsbq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmiumdjmko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmiwpczkcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmygkcpwdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjmysgd5wbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@e-2dj6wjnyond5wlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Cookies\ben davies@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkigidpcho.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkoahc5iap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkoojdjchp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wfkyopajwao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wflokld5kkp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wjk4kkdjmcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ben Davies\Local Settings\Temp\Cookies\ben davies@e-2dj6wjkoohcpieq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\HJT\backups\backup-20050922-162706-720.dll -> Spyware.MediaBack : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6DFBDCB2-6DC7-4D81-A513-B0B16D\407A3453-F9E7-4985-80E2-4FF97A -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\amstream.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WDUZCXQB\clicks[1].dll -> Adware.MidADle : Cleaned with backup
C:\WINDOWS\system32\iehost34.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\mimecore.dll -> Spyware.MediaBack : Cleaned with backup
C:\WINDOWS\system32\pinstaller.exe -> Trojan.KillApp.f : Cleaned with backup
C:\WINDOWS\system32\terabyte.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\system32\unwise56.exe -> Spyware.AdSrve : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 12:57:35, on 25/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [NcQVxaCCaüžigÃ
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Post by Woody_J » September 25th, 2005, 3:45 pm

Hi Bette,


Hopefully your Outlook Express issue is related to the following… check it when you’ve finished the
fix, and let me know if it’s still misbehaving.



1. Please allow 'On-Access scanning' for only one Antivirus program.

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running.
The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.

After you've decided which Antivirus program should do what, and set them accordingly, continue with the fix.



2. I see that you have Microsoft AntiSpyware installed. While this is a good program,
we need to disable your Microsoft AntiSpyware Real-time Protection
as it may interfere with the fixes that we need to make.
  • Open Microsoft AntiSpyware.
  • Click on Tools, then click Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Should I forget to remind you, please reverse the process when you’ve carried out the entire fix advice.



3. We need to stop malicious Services
  • Click "Start" button then select "Run"
  • Type services.msc then hit OK
  • Scroll down and find the service called:

    Microsoft Windows W32 Services
  • Right-click on Service and choose "Properties"
  • On the "General" tab under "Service Status" click the "Stop" button to stop the service
  • Beside "Startup Type" in the dropdown menu select "Disabled"
  • Click Apply then OK
  • Repeat steps 3-7 for each of the following services:

    start uploading
    wvsvc
    Microsoft Config
  • When all of the above are taken care of, exit the Services utility



4. Remove programs from Add/Remove Programs List
    Please go to:
    • Start
    • Control Panel
    • Add/Remove Programs

    Find and remove these programs (if they are present)

    • IST Bar
    • Integrated Search Techology





5. Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [NcQVxaCCaüžigÃ
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA

Unread postby Bette » September 25th, 2005, 4:55 pm

With regards to the Microsoft antispyware stuff, I did disable it but I thought I was meant to enable it before connecting to the internet again, so I did.

I also can't manage to find
Microsoft Windows W32 Services
anywhere in the list. My friends also can't find it, it's not there!

Also these things
• IST Bar
• Integrated Search Techology
Are not in the list on my control panel

Sorry.
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Unread postby Woody_J » September 25th, 2005, 5:15 pm

No problem... sometimes the fixes take care of themselves, even as
we chase them... although it means there will be some redundancy,
I think it's better to be safe than sorry.

Go ahead and skip over those steps and complete the fix.

(Getting close now) :D
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA

Unread postby Bette » September 26th, 2005, 5:18 am

Right, I couldn't find C:\WINDOWS\liirf.exe
C:\Program Files\ISTsvc
mssw32.exe
smsss.exe
wvsvc.exe
msconf.exe
My Adaware scan picked up 1 object - doubleclick.net
Here's the new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 10:08:09, on 26/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Keyboard Closure Setup.lnk = C:\Program Files\sony\keyboard closure setup\KSWServ.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\sony\Giga Pocket\ReserveModule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5301687984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC2FB095-C37F-4AE2-97E1-2416F71C4A2A}: NameServer = 194.72.9.38 62.6.40.162
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\Giga Pocket\RM_SV.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

And my e-mail's still not working. On the bright side though, my p.c's quite quick again!!!!
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Unread postby Woody_J » September 26th, 2005, 9:49 pm

Good news (sorta)... glad to hear the pc is back up and quick!
The log looks good!

Quick question, what email client are you using, Outlook, or Outlook Express?
and what error is it giving you? (or rather, what problem(s) are you experiencing)
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA
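
The before/after comparison of the two HijackThis logs in this thread can be scripted. The following is an added example, not part of the original posts and not HijackThis's own logic: it parses the O4 registry autorun lines, flags entries using two assumed heuristics (executable in a temp directory, or sitting directly in the Windows root), and checks whether each flagged entry is gone from the later log. The sample text is a subset of the logs posted above, with the cut-off line shortened.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any platform

# Matches e.g.:  O4 - HKLM\..\Run: [Name] command line
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log_text):
    """Return ({(hive, key, name): command}, [registry O4 lines that did not parse])."""
    entries, unparsed = {}, []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RUN.match(line)
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
        elif line.startswith("O4 - HK"):
            unparsed.append(line)  # truncated or garbled entry: review by hand
    return entries, unparsed

def exe_path(cmd):
    """Strip arguments: take the quoted path, else everything up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd

def reasons(cmd):
    """Assumed triage heuristics; a hit means 'look closer', not 'malicious'."""
    folder = dirname(normcase(exe_path(cmd)))  # lower-cased, backslash-separated
    found = []
    if re.search(r"\\te?mp(\\|$)", folder):
        found.append("runs from a temp directory")
    if folder == r"c:\windows":
        found.append("sits directly in the Windows root")
    return found

def review(before_text, after_text):
    """Flag autoruns in the first log and report whether each survives in the second."""
    before, unparsed = parse_o4(before_text)
    after, _ = parse_o4(after_text)
    report = []
    for key, cmd in before.items():
        why = reasons(cmd)
        if why:
            report.append({"name": key[2], "cmd": cmd, "why": why,
                           "still_present": after.get(key) == cmd})
    return report, unparsed

# Sample input: subset of the two logs in this thread (last BEFORE line shortened).
BEFORE = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [LL0sX] C:\windows\temp\LL0sX.exe
O4 - HKLM\..\Run: [NcQVxaCCa] C:\WINDOWS\liirf.exe
O4 - HKLM\..\Run: [NcQVxaCCa
"""
AFTER = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ISP] C:\Program Files\sony\ISPselector\ISPselector.exe /SCHEDULER
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
"""

if __name__ == "__main__":
    flagged, unparsed = review(BEFORE, AFTER)
    for item in flagged:
        print(item["name"], item["why"], "still present:", item["still_present"])
    print("needs manual review:", unparsed)
```

Entries given as a bare file name (such as `AGRSMMSG.exe`) are not resolved to a folder, so they are never flagged by the path heuristics and still need a human check.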

Unread postby Bette » September 27th, 2005, 3:16 am

It's this. I looked it up at the Microsoft web site. It's Outlook Office 2003.

http://support.microsoft.com/default.aspx?scid=kb;en-us;318790

Thanks so much for your help. It's going to take a while for me to get used to clicking on something and it happening straight away!
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Unread postby Woody_J » September 27th, 2005, 11:24 pm

Interesting that one of the first things Microsoft suggests in that article is
Norton, and to uninstall and reinstall it. Is that something you've tried
already, now that we've cleaned the system up?
One of my first inclinations since you mentioned the problem started up
after we fixed the system, and you mentioned that your email stopped working
was that it was probably related to a firewall setting (or malfunction).


I suggest that you first, disconnect from the internet, then uninstall and reinstall the Norton apps.

(You could also try briefly disabling your firewall before disconnecting, to see if it then connects properly, to narrow things down)

This should allow the firewall to reset its allowed programs (to include
proper use of Outlook)

Once it is reinstalled, connect to the internet and download all the updates that you'll need.


As an afterthought, have you used Cleanup! 4.5 Beta ? There is a known issue
with that software/version combo... that might explain what's going on

Please let me know how you make out, or if you need some step by step
instructions... I'll do everything I can! :D


Woody
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA

Unread postby Bette » September 28th, 2005, 6:14 am

I'd wanted to wait to see what you said before I uninstalled it, so after doing it all seems to be working well! Thank you so much!!!!!! One last thing if you don't mind, I now seem to have a load of different virus/security software installed on my computer. I have Norton, Microsoft antispyware, ad aware, ewido, spybot and hijack this! Surely I don't need all of these do I? What are the best ones to keep?
Bette
Active Member
 
Posts: 9
Joined: September 22nd, 2005, 2:10 pm

Unread postby Woody_J » September 29th, 2005, 3:30 am

Actually, in this day and age, facing the rampant malware that's out to get you...
you don't have too much installed on your system. I know it can seem overwhelming,
but, then again, as I've heard said...
    "I'd rather have a gun and not need it, than need a gun and not have it"
There are some things to watch for, as mentioned earlier...
Running On-Demand antivirus scanners vs. On-Access scanners
It's not bad to get a second opinion with another On-Demand scanner
at any given time, as some antivirus scanners are more apt to find certain infections
than others. Such is not true for Firewalls, it's best to pick one that you like,
and stick with it. From what I see in your log, you have a good configuration.
What is required now, is mindful attention from you. Run the 'On-Demand'
scans whenever you get a chance... keep all your applications up to date.
It can be a bit consumptive, but it's the only way we can keep clean these days. :banghead:

That being said, you've earned my coveted 'All-Clean' speech as follows: :D

Log looks clean... great job!

Please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable
    and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  4. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  8. Install Ad-Aware - Download and install Ad-Aware.
    You should also scan your computer with this program on a regular basis
    just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.


Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.


Woody_J

(All-Clean courtesy of Perculator)
Woody_J
Regular Member
 
Posts: 234
Joined: August 20th, 2005, 12:41 am
Location: IN, USA