bad virus?



debbieu
2006-09-22, 22:15
Hi, I'm new at this and don't quite know what I'm doing or how I got here, but here goes: could someone please check my log? hijackthisdeb
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Deb\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.42/WinSSWebAgent.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154193943156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79A1A736-697F-45E5-8AAA-7AE14C4601B8}: NameServer = 67.69.184.236 67.69.184.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Is this correct? Is this all you need? Please help, and thank you. It could take me a bit to get back here to figure this out, but again, thanks. Deb

steamwiz
2006-09-22, 22:51
Hi Deb

Your hijackthis log is clean...

What makes you think you have a bad virus ?

First put HijackThis into a permanent folder (for your own safety)... then I'll tell you what to delete... here's how :-

Please do this first: go to C: and create a new permanent folder (call it hijackthis). Then put (or download, choosing "save" not "run") the hijackthis.exe file in it (you must unzip it if it's zipped), so you have C:\hijackthis\hijackthis.exe. Then run HijackThis by clicking this .exe file; that way you will have backups if you accidentally remove the wrong item (running from a temporary folder, it will not be able to create backups). Click Do a system scan and save a logfile.

Or if you find that difficult to follow....

Download a self-extracting copy of HijackThis from :-
http://downloads.malwareremoval.com/hijackthis_sfx.exe
1. save it to your Desktop.
2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
C:\Program Files\HijackThis
3. Go to this folder and run the hijackthis.exe file
4. click Do a system scan and save a logfile
5. Copy & paste the logfile into your next post here...

steam

debbieu
2006-09-23, 18:05
Hi, and thank you. Well, I got back here and I'm trying to download HijackThis into a permanent folder and having problems. Why do I think I have a virus? The AVG log has 7 viruses and can't get rid of them: java veribyte, etc. etc. Also had a ton of problems with Norton and uninstalled it, but looking at this hijack log, is it still in my computer? Totally confused. I will keep trying to get HijackThis into a folder and run it; do I need WinZip for this? Thanks for now, Deb

steamwiz
2006-09-23, 21:39
Hi debbieu

Delete the HijackThis that you have and follow the instructions in my post above from .... Download a self-extracting copy of HijackThis from :-

This is a self-extracting exe file .... you don't need WinZip or any other zip program...

AS for ....


Avg log has 7 viruses and can't get rid of them java veribyte, etc.


These are probably infected java applets...


See this link for how to clear your java cache ... follow the instructions... let me know if you don't understand any of it...

http://www.java.com/en/download/help/5000020300.xml

then check AVG again...

steam

debbieu
2006-09-24, 20:24
Hi, I'm back. Finally figured out some things: 1) got HijackThis in a folder, I think? Ran AVG, still several issues: kernel32.dll change and shell32.dll change, also misc. things, 6 in total: Java/ByteVerify, Java/OpenStream.C, trojan: Java/ClassLoader also ClassLoader.D, trojan downloader: Java/OpenStream.J and TrojanDropper: Java/Beyond.E. I did what you told me re: cache, also ran One Step Windows Care and cannot fix. Last, I no longer have Symantec Norton as I had a lot of issues with it, but is it still on my computer according to this log? Thank you for all of your patience. I'm trying hard to figure this out and I know I'm really slow at it. Appreciate it,
Deb. Here goes my log:
Scan saved at 1:12:54 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.42/WinSSWebAgent.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154193943156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79A1A736-697F-45E5-8AAA-7AE14C4601B8}: NameServer = 67.69.184.236 67.69.184.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

steamwiz
2006-09-24, 21:39
Hi

Yes ... you have hijackthis in permanent folder now...

I need to see the avg scan results....

1. Right click the AVG icon in the systray...

2. Click launch AVG control center

3. Click Test Center

4. Click Test results

-
You have nothing relating to a Symantec/Norton installation... the O16 entries are on-line activities; you can remove all the O16 entries with Symantec in them with HijackThis...

Disconnect from the internet, close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the list below... when all are ticked (checked), click the Fix Checked button at the bottom :-

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab


steam
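The triage steamwiz describes above (O16 DPF entries are ActiveX controls downloaded from a vendor's site, so those from a vendor whose software is gone can go; an O3 toolbar marked "(no file)" points at nothing) can be mechanised. This is an added example, not code from the thread or from HijackThis; the sample log lines are constructed from the entry types shown in the posted logs, and `triage` plus its helpers are my own names.

```python
"""Triage of HijackThis log entries of the kinds discussed in this thread."""
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis log format; the lines are of the entry
# types the thread discusses (O3 toolbar, O16 DPF, O18 protocol handler).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.sympatico.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_07\\bin\\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154193943156
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
"""

# Every entry line starts with a type code (R0, O2, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")
# O16 body: DPF: {CLSID} (display name) - URL of the .cab it came from
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
DANGLING = ("(no file)", "(file missing)")


def parse_log(text):
    """Split a HijackThis log into (kind, body, raw line) tuples, skipping
    the header, the process list and blank lines that carry no type code."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), raw.strip()))
    return entries


def registered_domain(url):
    """Last two labels of the URL host: security.symantec.com -> symantec.com."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def dpf_entries(entries):
    """Decode O16 lines: a CLSID, a display name and the .cab URL the control
    was downloaded from; the URL host is what the thread triages on."""
    out = []
    for kind, body, raw in entries:
        if kind != "O16":
            continue
        m = DPF_RE.match(body)
        if m:
            out.append({"clsid": m["clsid"], "name": m["name"], "url": m["url"],
                        "domain": registered_domain(m["url"]), "raw": raw})
    return out


def triage(text, vendor_domain):
    """Return the O16 entries downloaded from vendor_domain (removable once
    that vendor's software is gone, as the thread says for Symantec) and the
    entries whose target file is no longer on disk, for a human to review."""
    entries = parse_log(text)
    vendor = [d["raw"] for d in dpf_entries(entries) if d["domain"] == vendor_domain]
    dangling = [raw for _, body, raw in entries if body.endswith(DANGLING)]
    return {"vendor_dpf": vendor, "dangling": dangling}


if __name__ == "__main__":
    for section, lines in triage(SAMPLE_LOG, "symantec.com").items():
        print(section)
        for line in lines:
            print("  ", line)
```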

debbieu
2006-09-24, 22:34
Hi, sorry I'm so ignorant here, but I'm not sure how to send you the AVG scan results. Systray? I did the HijackThis tick-and-fix thing. I can see the test results but can't figure out how to copy these for you. Help? Sorry I'm not better at this! Deb

steamwiz
2006-09-25, 21:05
Hi

To get the AVG log, so that you can post it....

1. Go to the test center

2. double click complete test so that all the results are shown

3. On your keyboard, hit Ctrl + S

4. The "save as" box will pop up...

Save in: desktop

Filename: ... call it avgresults

Save as type: leave as it is ...

5. Click save

6. Go to your desktop, and you will see a file ... avgresults.csv (this will open in Microsoft Excel if you have it, but don't worry about that)

7. Right click avgresults.csv > rename > rename it to avgresults.txt

8. double click the avgresults.txt & it will open in notepad ...

9. Copy & paste it into your next post here (the same way you did the hijackthis log)

steam

debbieu
2006-09-26, 15:45
Hi, I tried that and when it opened in Excel I thought :oops: . Now I just did what you said and I renamed it, but it's still in Excel. Did I do something wrong again? Should I send the results to you in Excel? I will keep trying to get the results in Notepad in the meantime. Thanks, Deb

steamwiz
2006-09-26, 19:45
Hi

I think I know what the problem is...

When you look at the file before opening it, do you see the file extension ?

The file should look like this :-

avgresults.csv

but if all you see is :-

avgresults

then when you add the .txt

it will add it like this :-

avgresults.txt.csv

And it will still open in excel...

Please do this :-

Click > Start > My computer > Tools > Folder options > view tab ...

In the Advanced settings window, scroll down to Hide extensions for known file types & take the checkmark out of it .... > Apply > OK

Now go back to the file and make sure it just says :-

avgresults.txt

cheers

steam

debbieu
2006-09-27, 16:00
:D: Okay, here goes:
"Boot sector of disk C:","- OK -","Quick checked"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"System registry inffile\shell\open\command","","Scanned"
"System registry vbsfile\shell\open\command","","Scanned"
"System registry vbefile\shell\open\command","","Scanned"
"C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe","- OK -","Quick checked"
"C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe","- OK -","Quick checked"
"C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe","- OK -","Quick checked"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe","- OK -","Quick checked"
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe","- OK -","Quick checked"
"C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe","- OK -","Quick checked"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe","- OK -","Quick checked"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE","- OK -","Quick checked"
"C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe","- OK -","Quick checked"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE","- OK -","Quick checked"
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe","- OK -","Quick checked"
"C:\Program Files\QuickTime\qttask.exe","- OK -","Quick checked"
"C:\Program Files\Real\RealPlayer\realplay.exe","- OK -","Quick checked"
"C:\Program Files\iTunes\iTunesHelper.exe","- OK -","Quick checked"
"C:\WINDOWS\regedit.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\NeroCheck.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\dla\tfswctrl.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\hkcmd.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\igfxpers.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\igfxtray.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\mshta.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\rundll32.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\shimgvw.dll","- OK -","Quick checked"
"c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\kernel32.dll","Change","Changed"
"C:\WINDOWS\system32\wsock32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\user32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\shell32.dll","Change","Changed"
"C:\WINDOWS\system32\ntoskrnl.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\drivers\etc\hosts","- OK -","Quick checked"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip:\Counter.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip:\VerifierBug.class","Trojan horse Java/ClassLoader","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip","Virus identified Java/ByteVerify","Infected, Archive"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip:\SandBoxEscape.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip:\SuperMSClassLoader.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip:\Installer.class","Virus identified Java/OpenStream","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip","Virus identified Java/ByteVerify","Infected, Archive"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5e86ef02-4085a08d.zip:\Counter.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5e86ef02-4085a08d.zip:\Parser.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5e86ef02-4085a08d.zip","Virus identified Java/ByteVerify","Infected, Archive"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"System registry inffile\shell\open\command","","Scanned"
"System registry vbsfile\shell\open\command","","Scanned"
"System registry vbefile\shell\open\command","","Scanned"
"C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe","- OK -","Quick checked"
"C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe","- OK -","Quick checked"
"C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe","- OK -","Quick checked"
"C:\Program Files\Analog Devices\Core\smax4pnp.exe","- OK -","Quick checked"
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe","- OK -","Quick checked"
"C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe","- OK -","Quick checked"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe","- OK -","Quick checked"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE","- OK -","Quick checked"
"C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe","- OK -","Quick checked"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE","- OK -","Quick checked"
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe","- OK -","Quick checked"
"C:\Program Files\QuickTime\qttask.exe","- OK -","Quick checked"
"C:\Program Files\Real\RealPlayer\realplay.exe","- OK -","Quick checked"
"C:\Program Files\iTunes\iTunesHelper.exe","- OK -","Quick checked"
"C:\WINDOWS\regedit.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\NeroCheck.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\dla\tfswctrl.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\hkcmd.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\igfxpers.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\igfxtray.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\mshta.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\rundll32.exe","- OK -","Quick checked"
"C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\shimgvw.dll","- OK -","Quick checked"
"c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe","- OK -","Quick checked"
oes I did it Thank You Thank You

steamwiz
2006-09-27, 21:48
Hi

Well done

So, these are the entries we want to remove:-

"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip:\Counter.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip:\VerifierBug.class","Trojan horse Java/ClassLoader","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip","Virus identified Java/ByteVerify","Infected, Archive"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip:\SandBoxEscape.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip:\SuperMSClassLoader.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip:\Installer.class","Virus identified Java/OpenStream","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-5ac6214a.zip","Virus identified Java/ByteVerify","Infected, Archive"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5e86ef02-4085a08d.zip:\Counter.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5e86ef02-4085a08d.zip:\Parser.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-5e86ef02-4085a08d.zip","Virus identified Java/ByteVerify","Infected, Archive"

These are all infected Java applets...

In post #4 I gave you this link to clear your java cache...

http://www.java.com/en/download/help/5000020300.xml

In post #5 you said...

Ran AVG still several issues: ...................... Java/bytverify, Java/Openstream.C, trojan: java/classloader also classloader.D., trojan downloader: Java/openstream.J and trojanDropper: Java/Beyond.E. I did what you told me re: cache,

If you had followed the instructions on the link correctly, these would have been deleted... so we need to find out where you went wrong...

1. Click Start > Control panel

2. Double-click the Java icon in the control panel (it looks like a teacup).

If you don't see the icon, then you are probably in category view

On the left, click "Switch to Classic View"... you should then see the teacup icon... double-click Java.

3. When the Java Control Panel pops up, make sure you are on the General tab...

In the Temporary Internet Files section... click Settings.

Then click Delete Files.

In the box which pops up, leave all 3 boxes ticked & click OK...

---

Re:

"C:\WINDOWS\system32\kernel32.dll","Change","Changed"
"C:\WINDOWS\system32\shell32.dll","Change","Changed"

This is nothing to worry about...

AVG is reporting that the files have changed since the last scan.

This will be due to a recent MS Hotfix/update which you have installed...

steam

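The reason the scan kept reporting the same files is that the Java deployment cache is per Windows profile, so clearing it from one account leaves another account's cache untouched. The script below is an added example, not part of the thread, that parses AVG-style report lines like the ones posted above and works out which profile's Java cache actually holds the infected entries; the sample report is constructed to mirror the thread's format.

```python
import csv
import re
from collections import defaultdict
from io import StringIO

# Constructed sample in AVG's "path","result","status" layout. The Jeremy
# lines mirror entries from the thread; the Deb line is invented for contrast.
SAMPLE_REPORT = r'''"C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
"C:\WINDOWS\system32\kernel32.dll","Change","Changed"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip:\Counter.class","Virus identified Java/ByteVerify","Infected, Embedded object"
"C:\Documents and Settings\Jeremy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-1210c274.zip","Virus identified Java/ByteVerify","Infected, Archive"
"C:\Documents and Settings\Deb\Local Settings\Temp\sample.exe","Trojan horse Generic (constructed)","Infected"
'''

# Windows XP profile root: C:\Documents and Settings\<user>\...
PROFILE_RE = re.compile(r'^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\', re.IGNORECASE)
# Per-user Java Web Start / plugin cache, the location the helper's steps clear
JAVA_CACHE_RE = re.compile(r'\\Sun\\Java\\Deployment\\cache\\', re.IGNORECASE)


def parse_report(text):
    """Yield (path, result, status) tuples from AVG-style CSV report lines."""
    for row in csv.reader(StringIO(text)):
        if len(row) == 3:
            yield tuple(row)


def infected_by_user(text):
    """Count infected entries per profile, split into Java cache vs. elsewhere."""
    counts = defaultdict(lambda: {"java_cache": 0, "other": 0})
    for path, _result, status in parse_report(text):
        if not status.startswith("Infected"):
            continue  # "- OK -" and "Changed" are not detections
        match = PROFILE_RE.match(path)
        user = match.group(1) if match else "<system>"
        bucket = "java_cache" if JAVA_CACHE_RE.search(path) else "other"
        counts[user][bucket] += 1
    return dict(counts)


def users_needing_cache_clear(text):
    """Profiles whose Java cache must be cleared from *that* account."""
    return sorted(u for u, c in infected_by_user(text).items() if c["java_cache"])


if __name__ == "__main__":
    print(infected_by_user(SAMPLE_REPORT))
    print("Clear Java cache while logged in as:", users_needing_cache_clear(SAMPLE_REPORT))
```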
debbieu
2006-09-28, 16:08
:sad: Hi,
Again, I did what you said re: Java, still nothing seems to happen, AVG results exactly the same today as yesterday. I'm confused! Should I go into Jeremy's sign in and do it there? Thanks, Deb

steamwiz
2006-09-28, 19:41
Hi

Yes... please do that...

steam

debbieu
2006-09-30, 19:00
:bigthumb: Hi Steamwiz,
Great news, went into Jeremy's account, cleared the Java cache, and for the first time in weeks, finally all clear, no viruses, nothing! A great big thank you for all your help and patience, very much appreciated!!!

steamwiz
2006-09-30, 21:00
Hi

You're very welcome :)

Happy surfing

steam

tashi
2006-10-05, 00:51
As the problem appears to be resolved this topic has been archived. :bigthumb:

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.