Jump to content


HELP ME IM TEH NEWB

Started by ohihih, Jun 18 2006 08:47 PM

  • You cannot reply to this topic
3 replies to this topic

#1 OFFLINE   ohihih

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 18 June 2006 - 08:47 PM

Logfile of HijackThis v1.99.1
Scan saved at 21:38:24, on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\wlgoah.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hel\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bath.ac.uk/internal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\wlgoah.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097693234031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141243447421
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab40746.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomg...gamesplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bath.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = bath.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bath.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

#2 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 18 June 2006 - 11:23 PM

Hi ohihih, Welcome to the forum :)

There afew problems showing in the log which I will mention below then its best to start with a malware scan and we can take it from there.

First can you disable Microsoft Antispyware's real time protection so it doesnt interfere with the Adware removal or HijackThis fixes.
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
You can re-enable it once your system is clean.

Goto Start Menu > Control Panel > Add or Remove Programs and remove SurfAccuracy

Next run Hijack This and choose Do A System Scan then place a check next to these entries

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\wlgoah.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - ht*p://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

Close all open browser and other windows except for Hijack This and press the Fix Checked button


Then delete these files and folders

C:\Program Files\SurfAccuracy <--Delete folder
C:\WINDOWS\wlgoah.exe <-- Delete file

Let us know if you have any problem finding or removing them.


Next download Ewido Anti-Malware from HERE
  • When installing, under "Additional Options" uncheck "Install background guard"
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"),
  • Click on the Scanner button in the left menu, then click Complete System Scan.
If ewido finds anything, it will pop up a notification. You can select Remove and check the boxes Perform action with all infections and Create encrypted backup before clicking on OK.
When the scan finishes, click on Save Report. This will create a text file that you can save to the desktop and post back

Finally generate a list of the Add/Remove screen entries to make sure there isn't any problems showing:

Open Hijackthis, In the lower right corner click the Config... (Configuration) button.
Once in the Configuration panel, click Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Please then post back the Ewido report, the uninstall list along with a new HijackThis log

Thanks

Andy

#3 OFFLINE   ohihih

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 20 June 2006 - 06:28 PM

Hi andy

I think this is everything u requested i send. Have I solved the problem now...?

Helen


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:17:54 20/06/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\Hel\Local Settings\Temp\temp.frCA2C\SAccU.exe -> Adware.SurfAcc : Cleaned.
C:\Documents and Settings\Hel\Local Settings\Temporary Internet Files\Content.IE5\6DRK5WVQ\uninstaller.prod.v1002.23mar2006.exe[1].0c49b348ce1d3b98bec782d48a948dc2 -> Adware.SurfAcc : Cleaned.
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP369\A0031742.exe -> Adware.SurfAcc : Cleaned.
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP369\A0031751.exe -> Adware.SurfAcc : Cleaned.
C:\Documents and Settings\Hel\Local Settings\Temp\temp.frCA2C\SAcc.exe -> Adware.SurfAccuracy : Cleaned.
C:\RECYCLER\S-1-5-21-2111168622-3496252250-2736347563-1005\Dc18.exe -> Adware.SurfAccuracy : Cleaned.
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP369\A0031750.exe -> Adware.SurfAccuracy : Cleaned.
C:\Downloads\DinerDashSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP372\A0031823.exe -> Adware.VB : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP369\A0031746.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\02FB9B89-39F4-45AA-9A20-1A93F5\4558CA2B-AAA3-4606-B074-49645F -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\06BA7259-B230-4107-AA06-08E42C\E239A087-8021-491C-86E6-B10980 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1004A8A3-C620-48EE-807E-2D2606\E56991E1-8E4A-4141-B2EC-95F001 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\11EDB4F7-9BBD-4749-86BA-FF6CBE\EA0097BB-09E2-4F4A-9128-448908 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\13CECC88-AFF2-40E5-AE98-C696D1\CAAB324E-CC2A-4235-A334-B3EDD1 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1E3343AB-2805-4A03-A912-CD1600\86EDB5A6-30D3-4E73-ABA6-E232B7 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\26BD10BA-3A06-4269-BCCF-3CCD60\F69A8DAC-2440-4195-8B85-50A452 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\26C20CAB-5912-4960-86F5-5294FB\6F058036-3E2E-423F-B8CF-B879E1 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\38A60891-1158-40C6-ABE6-0DDC15\E71B8AEA-25AA-496B-A39F-B23657 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\448E3991-F733-4E6A-8185-220912\69677C67-EB80-4119-B244-FE9DEF -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\48DF05C3-7823-4B05-BFC9-F3B11E\85F98912-5241-43A1-81C2-8B2900 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4D28A6FA-BFAE-4708-A2D6-CB2535\051F5955-6B03-49CB-B3CE-EC9A43 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5285D4F3-4921-4F03-8BE2-280597\7958FE48-9C00-4B11-8112-6D496B -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\56A9F40F-2317-4DF0-BA39-A964ED\C7649E13-E6D2-4E63-ADB8-A9004A -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\5BB4BB38-1199-4D70-9FF2-AC6B1A\410B63DD-1901-4575-8832-57B065 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\65E15805-0E47-4A66-ABF9-8E4DAC\7BE90CF3-EAA0-485F-B292-58FBB3 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\66BEF0AD-3EF2-4B52-95D1-850BC4\24133BD5-ECE8-4809-99B5-157BD2 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\6CA95CB1-F3E4-4FB1-92D7-EE3A83\0654C2DA-6A18-40B2-8C6C-8F9869 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\73D4A9B4-4747-49D9-85B6-E4A39D\BE1A48B4-131C-42F9-ADE0-1AE09F -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\7937AF6A-8718-4EE8-8177-3DA017\45E07A3A-64EC-4808-AE9B-E69414 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\8397DC0B-D061-42E9-8D8B-113AE2\024629F9-9D42-487C-8970-0F955D -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\88365A81-26D6-46F6-B7BC-7EB0C9\DF80318B-763B-4B9D-9361-A946F9 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\8C22E1D1-0BC1-4108-96AE-A0AE8B\33306856-A9CC-4021-9E03-B1B733 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9372522D-701B-4F3C-A23A-4C96DA\BA313586-92CC-454D-A38B-0915FE -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\97780EFE-4A16-4AE3-BF7A-34A8E5\808E7CCD-E275-4C01-BB33-8A9F0C -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\99AC2248-819E-4C73-8777-BE766A\D13D8428-550C-4177-84FE-33BF56 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\A1CFD2A4-AD2E-48B1-9D34-E6AEA9\C7EF7054-87D8-4E5E-92D8-C3F178 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\A2660881-CF50-4724-9B32-F2DC19\A7C50143-61B0-4E2B-8C08-3F731B -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\A9EF938A-F4B7-4AB0-A041-810B54\E94215E1-41BA-4EE4-82A8-B314FE -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BA6F1785-E742-4D4C-9714-D17AFD\FC94A436-3E36-40DB-AA56-243312 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C08A0DD8-436F-4858-80AA-FC83AE\319B1617-D2A7-4B9B-95EE-A05C8C -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C9A753FB-223E-4DB2-99DA-B8AEA5\6B1A7553-83E1-4DC2-B24B-6F5F69 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\D9A2BB7D-B596-407B-A1CD-79889E\DEBE8606-FEC7-4833-86E3-801D27 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\DACD7760-F1B6-4B58-AEF2-C6FCB6\90D30093-E247-4665-8EA4-5B4900 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\E5037F78-1164-42A8-B174-4FA099\540EBE4F-8BD0-418B-96DC-1C8FA9 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\E57E2CF9-572F-46FC-95E3-C8A975\41447121-2B41-4B3A-ABC9-68EAE6 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\EC40412B-0FC8-4840-B3A0-0BCE97\2262872F-0DB9-45BE-A676-6261F8 -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Hel\Desktop\HijackThis\backups\backup-20060620-175543-804.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
C:\Program Files\WinAntiSpyware2006.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\Documents and Settings\Hel\Cookies\hel@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Hel\Cookies\hel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end


uninstall list

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.7
Bear Hug
Belkin Wireless Setup utility
Control Station 3.7
ewido anti-spyware 4.0
ffdshow (remove only)
Force 2.0
Google Gmail Notifier
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
InterActual Player
iTunes
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
MATLAB Family of Products Release 14
Messenger Plus! 3 & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Works 7.0
MSN Messenger 7.5
MSN Toolbar
myTunes Redux 1.0
Nero 6 Ultra Edition
Norton WMI Update
overland
QuickTime
Registry Mechanic 5.0
Sandlot Games Client Services
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Sonic RecordNow!
Sophos Anti-Virus
Sophos AutoUpdate
Ulead Photo Express 4.0 My Custom Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VIA Rhine-Family Fast Ethernet Adapter
Westwood Shared Internet Components
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver


Logfile of HijackThis v1.99.1
Scan saved at 19:21:51, on 20/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hel\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bath.ac.uk/internal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097693234031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141243447421
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab40746.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomg...gamesplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bath.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = bath.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bath.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

#4 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building &amp; Design, Malware Testing/Research and spending time with friends &amp; family.

Posted 20 June 2006 - 09:15 PM

Hi Helen

Just one or two things remaining,

Can you goto Start Menu > Control Panel > Add or Remove Programs

Left click remove on Messenger Plus 3 and it will open the Uninstaller screen

Posted Image

Choose to uninstall the Sponsor as its the LOP infection then click Uninstall and enter the number that shows on screen.

After removal close the Add/Remove screen then open it again to make sure it shows the sponsor has been removed.

Posted Image


Next Clear the System restore points on the PC as some had malware inside them.

To clear all the infected System Restore points Click :

Start Menu > All Programs->Accessories->System Tools->System Restore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create' then when the confirmation screen shows the restore point has been created click 'Close'

Next goto Start Menu > Run > type

cleanmgr

click OK, when Disk Cleanup opens goto the 'More Options' tab and press 'Cleanup' on the system restore area which will remove all the restore points except the one we just created.


Please then download Ccleaner if you do not already have it from Here.

Run Ccleaner, If you wish to keep your cookies saved please uncheck the cookies cleaning option on the menu to the left then press the Run Cleaner button. When its finished removing Temp files you can exit Ccleaner.

Let us know if you have any problems

Cheers

Andy
Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell