HJT Log: Win Fixer/Virtumondo problem?
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
reply to Catte
Re: HJT Log: Win Fixer/Virtumondo problem?

You're most welcome. I'm glad we could help

Catte

join:2005-11-14
UK

reply to CalamityJane
According to Add/Remove Programs I now only have -

J2SE Runtime Environment 5.0 Update 5. Version 1.5.0.50.

I have uninstalled/reinstalled Norton AV and this seems to have repaired the irritating info bubble problem and the false reporting. On install Norton gave me a dialogue box to turn off redundant alerts from Windows Security.

I've deleted all the quarantine folders for Pest Patrol, Spybot, Ad-Aware, Ewido and Norton. I've followed your instructions for a disk clean up and reset restore points.

I've downloaded and run MBSA 2.0 and made some changes to the issues it found in IE. I've also downloaded and run the MS Antispyware Beta program, it found 4 items that all the other programs had missed. Both of the above programs were a pleasure to use.

Getting infected with Virtumondo has been a good learning experience for me. I'd like to thank you for your professional approach and skill in helping me sort out this PC.

It's refreshing to get such swift, clear, accurate and friendly help in an online forum.

Once again, many thanks


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Catte
said by Catte:
"Am I fixed yet?"

I think so.
I need for you to look in the Control Panel under Add/Remove programs. Post back here with what versions of Sun Java are installed (there may be more than one - I need to know all of them).

See this thread for more info about a possible vulnerability in Sun Java that has been exploited by Winfixer & Vundo.
»Potential Vulnerability with Sun Java auto update
..................
If you continue to see errors from Norton, you might want to uninstall/reinstall to make sure it wasn't damaged in some manner.

You can delete the VundoFix folder. Keep or uninstall Ewido, however we recommend keeping it as an on-demand scanner for extra protection. It will nag you about buying it, but you can still keep it for free after the 2 week trial, you'll just need to manually update it before scans and won't have the resident protection.

Clean out all of the quarantine folders for Pest Patrol, Spybot, Adaware, Ewido and Norton. Do a disk cleanup using the Windows Disk Cleanup Utility. Go to Start > Run and type in the box: cleanmgr
Windows will scan your system for unnecessary files to delete. When it finishes it will present a list of options. Make sure these three are checkmarked for deletion, and press *ok* to delete them

Temporary Files
Temporary Internet Files
Recycle bin

Do that for each user on the system.
..................
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
»support.microsoft.com/default.as···s;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help .
»Security »How do I prevent browser hijacks and spyware?

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
»v4.windowsupdate.microsoft.com/e···ault.asp

And see this link for instructions on how to configure the enhanced security features in SP2:
»www.microsoft.com/technet/securi···cxp.mspx

I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
»www.microsoft.com/technet/securi···ome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

Microsoft also has a free Antispyware program that offers resident protection to prevent infections as well. I do recommend it as an extra layer of protection for you.
»www.microsoft.com/athome/securit···ult.mspx
It's very good for realtime protection even as a Beta!
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)

Catte

join:2005-11-14
UK

reply to CalamityJane
I hope this hasn't posted twice, I replied to you and the post didn't appear... so I'm trying again.

CalamityJane, thank you for your help. You are a goddess!

I've followed your instructions with HiJack This and rebooted. On reboot, no Dial-Up Connection box appeared, nor did the Win Fixer 2005 dialogue box. An info bubble did appear telling me incorrectly that Norton Av Autoprotect was switched off. I checked, it wasn't and there was no red cross through the icon in the System Tray.

Search could not find nyfyiuk.exe or pnmdety.exe. I had a 'manual' look in C:\Windows and could not see either file.

Here is the last HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 13:38:11, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
I:\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
I:\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.wanadoo.co.uk/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - »us.chat1.yimg.com/us.yimg.com/i/···scom.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - »https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »by101fd.bay101.hotmail.msn.com/r···Upld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - »chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »acs.pandasoftware.com/activescan···inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - »messenger.msn.com/download/msnme···ader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - I:\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Am I fixed yet?


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Catte
This is definitely a different setup for Winfixer but that's what it is alright. I think we can get this with HJT

You've done such a great job of precleaning
.................
Make a copy of these instructions so you have them handy as the next steps need to be done with all browsers including IE closed.

Make sure your PC is configured to show hidden files
How to Show Hidden Files
»www.xtra.co.nz/help/0,,4155-1916458,00.html

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.
...............
Close all windows and any open browsers.

In normal mode, scan with HijackThis and place a checkmark beside these entries, then press the *fix checked* button

O4 - HKLM\..\Run: [rZCA] C:\WINDOWS\nyfyfiuk.exe

O4 - HKLM\..\Run: [apcCbok] C:\WINDOWS\pnmdety.exe

O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - »software-dl.real.com/087cde02fb5f42e35..

O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - »66.117.37.13/dbn283.exe

Search for and delete these files (if found) - they may have already been removed in a prior cleaning.

C:\WINDOWS\nyfyfiuk.exe

C:\WINDOWS\pnmdety.exe

Reboot your PC. Scan again with HijackThis and post a fresh log please

Catte

join:2005-11-14
UK
reply to CalamityJane
Thanks Calamity_Jane

Both out of date Javas now removed. I look forward to your further help


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Catte
Hi Catte,

Welcome to the forum. And thank you for such a thorough writeup of what you have done so far - well done!

I'm going through your logs right now - it'll take a bit as these don't have the usual Vundo entries, but there is some other strange stuff I need to sort through.

Meanwhile, uninstall these two older versions of Sun Java via Add/Remove programs in the Control Panel
Java 2 Runtime Environment SE v1.4.2.06 -- Remove
J2SE Runtime Environment 5.0 Update 2 -- Remove

Keep this one as it is the most current version:
J2SE Runtime Environment 5.0 Update 5 -- keep

I'll be back after I have a chance to examine these logs and write up a detailed reply.

Catte

join:2005-11-14
UK

It looks as if I have been infected with Win Fixer 2005. When I boot/reboot my PC the old Dial-Up Connection Box appears (I am on broadband); when I close this a dialogue box saying "Win Fixer 2005 - Service Unavailable" appears. Something is also affecting how Win XP Pro picks up whether Norton AV Autoprotect is running and a bubble appears falsely reporting that Norton is switched off. Sometimes there is a red cross over the Norton AV icon in the system tray and sometimes not. In Task Manager I have found this file running - UWFX5_0001_N56M0311NetInstaller.exe. I end this process and the dial-up box doesn't reappear until I reboot. I have tried to locate this file to delete it, I have blocked it having access to the net with Zone Alarm.

subapi.log reports this file as:

C:\DOCUME~1\Jane\LOCALS~1\Temp\ICD2.tmp\UWFX5_0001_N56M0311NetInstaller.exe" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
[2005/11/13 11:17:06 3208.6]

The file does not appear to actually be there.

I have run Spybot SD, Pest Patrol, Ad-Aware, Ewido (in Safe Mode) and Norton AV. Spybot, Adaware, Pest Patrol and Ewido have all found infections and removed them. Norton has not found anything amiss at all. All programs I have used are up to date.

From past threads about this problem I have downloaded and run 2 Symantec fixes as the threads instruct for Virtumondo removal -

FixVundo.exe 1.4.0
FxVMonde.exe 1.0.3

Both fixes report I am not infected with Virtumondo.

I have the following version of Java installed -

Java 2 Runtime Environment SE v1.4.2.06
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5

I have checked on the Sun Java site and my versions are up to date.

I have also run Panda Active Scan which reports that it found no infections.

As per previous threads I have downloaded the Atribune Fix - VundoFix.exe. It appears from past threads that the instructions are user specific regarding filepaths, so I have not yet run this fix as I'm concerned I'll mess it up without advice.

I hope someone can help

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:09, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
I:\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
I:\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.wanadoo.co.uk/iesearch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [rZCA] C:\WINDOWS\nyfyfiuk.exe
O4 - HKLM\..\Run: [apcCbok] C:\WINDOWS\pnmdety.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - »us.chat1.yimg.com/us.yimg.com/i/···scom.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - »https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - »by101fd.bay101.hotmail.msn.com/r···Upld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - »software-dl.real.com/087cde02fb5···E601.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - »chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »acs.pandasoftware.com/activescan···inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - »messenger.msn.com/download/msnme···ader.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - »66.117.37.13/dbn283.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - I:\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

EWIDO SCAN LOG:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:06:34, 16/11/2005
+ Report-Checksum: BC10FF57

+ Scan result:

C:\Program Files\PestPatrol\Quarantine\20041216145855875.zip/Documents and Settings/Jane/Cookies/jane@statcounter[1].txt -> Spyware.Cookie.Statcounter : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041216145855875.zip/Documents and Settings/Jane/Cookies/jane@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041216145855875.zip/Documents and Settings/Jane/Cookies/jane@fastclick[2].txt -> Spyware.Cookie.Fastclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041216145855875.zip/Documents and Settings/Jane/Cookies/jane@burstnet[2].txt -> Spyware.Cookie.Burstnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041216145855875.zip/Documents and Settings/Jane/Cookies/jane@advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050511102416.zip/Program Files/media access/mediaaccess.exe -> Spyware.WinAD : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050515195350.zip/WINDOWS/downloaded program files/istactivex.dll -> TrojanDownloader.IstBar : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050601192030.zip/NOW/Funny Fings/JOKEexes/scan.exe -> Not-A-Virus.BadJoke.FakeDel.e : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050708152433.zip/WINDOWS/system32/dbaccess.exe -> Dialer.Generic : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20051025135225.zip/WINDOWS/downloaded program files/istactivex.dll -> TrojanDownloader.IstBar : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20051111151859.zip/WINDOWS/downloaded program files/istactivex.dll -> TrojanDownloader.IstBar : Error during cleaning

::Report End
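The triage CalamityJane did by eye on the two logs above (spotting Run entries that launch executables dropped straight into C:\WINDOWS or into IE's Downloaded Program Files folder, and an O16 DPF entry that fetches a bare .exe from a raw IP address, then checking the fresh log to confirm they are gone) can be scripted. The following is an added example written for this page, not part of the thread, HijackThis or any vendor tool. The heuristics are my own, and the two log excerpts are constructed by copying a handful of lines from the 10:46 "before" and 13:38 "after" logs posted in this thread; the real logs are longer.

```python
"""Triage a HijackThis (HJT) log for the entry types seen in this thread,
then diff a 'before' and 'after' scan to confirm the fixed entries are gone."""
import re
from ipaddress import ip_address

# Constructed input: a trimmed excerpt of the two HJT logs posted in the thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [rZCA] C:\WINDOWS\nyfyfiuk.exe
O4 - HKLM\..\Run: [apcCbok] C:\WINDOWS\pnmdety.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N56M0311] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe" -nag
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - 66.117.37.13/dbn283.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")
# O4 Run-key entries: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16 Downloaded Program Files (ActiveX) entries: DPF: {CLSID} (description) - url
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")


def parse(log_text):
    """Return (section, body) for every HJT entry line; other lines are ignored."""
    entries = []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def run_target(cmd):
    """Extract the executable path from a Run value, honouring quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r".*?\.(?:exe|dll|com|scr)\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def check_run(cmd):
    """Heuristics for O4 entries (assumption: mine, not HJT's own logic)."""
    target = run_target(cmd)
    directory = target.rsplit("\\", 1)[0].lower() if "\\" in target else ""
    if re.fullmatch(r"[a-z]:\\win(dows|nt)", directory):
        return "executable sits directly in the Windows folder, not system32 or Program Files"
    if "downloaded program files" in directory:
        return "started from IE's Downloaded Program Files folder, where ActiveX installers land"
    return None


def check_dpf(url):
    """Heuristics for O16 entries: DPF should point at a .cab on a named host."""
    host_path = re.sub(r"^[a-z]+://", "", url, flags=re.IGNORECASE)
    host, _, path = host_path.partition("/")
    reasons = []
    try:
        ip_address(host)
        reasons.append("download host is a bare IP address")
    except ValueError:
        pass
    if path.lower().endswith(".exe"):
        reasons.append("DPF target is an .exe rather than a .cab")
    return "; ".join(reasons) or None


def triage(log_text):
    """Return [(entry line, reason)] for every entry a heuristic flags."""
    findings = []
    for section, body in parse(log_text):
        reason = None
        if section == "O4" and (m := O4_RE.match(body)):
            reason = check_run(m["cmd"])
        elif section == "O16" and (m := O16_RE.match(body)):
            reason = check_dpf(m["url"])
        if reason:
            findings.append((f"{section} - {body}", reason))
    return findings


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b = {f"{s} - {x}" for s, x in parse(before)}
    a = {f"{s} - {x}" for s, x in parse(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for line, why in triage(BEFORE_LOG):
        print("FLAG:", line, "=>", why)
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"removed since last scan: {len(removed)}, new: {len(added)}")
```

Run against the excerpt, the script flags exactly the three O4 lines and the raw-IP O16 line that CalamityJane told Catte to fix, leaves the Symantec, NVIDIA and Microsoft entries alone, and the diff of the two scans shows those four entries gone with nothing new added. The location heuristics are deliberately narrow: an entry that escapes them (a random-looking value name under Program Files, say) still needs the human look the thread shows.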
Monday, 22-Mar 06:02:42 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10.5 years online! © 1999-2010 dslreports.com.