n1ck4lyf Posted November 27, 2007 ID:10421 Share Posted November 27, 2007 hi, what ever is wrong with my computer adds 2 icons to desktop, every time i delete, they re appear. Also, it constantly tries to open web pages. any assistance would be greatly appreciated. also messages occur in system tray. im out of ideas, thxhijack this--Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:40:43 PM, on 27/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows Live\installer\WLSetupSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\stsystra.exeC:\Program Files\OptusNet DSL Internet\DSC.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\dvd43\dvd43_tray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\TEMP\winF0.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\SecCenter\scprot4.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\COMMON~1\SSTEM~1\scanregw.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iTunes\iTunes.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Windows Live Toolbar\msn_sl.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\WINDOWS\mgrs.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Internet Explorer\iexplore.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepageO1 - Hosts: 216.107.242.199 l2authd.lineage2.comO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\aojltwjx.dllO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QQLD Agent] C:\WINDOWS\system32\Sys32\QQLD.exeO4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtap.dll,startupO4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF0.exeO4 - HKLM\..\Run: [rcpwjmna] rundll32.exe "C:\Program Files\mxgnofqh\yjuvkdkj.dll",InitO4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exeO4 - HKCU\..\Run: [sen] "C:\PROGRA~1\COMMON~1\SSTEM~1\scanregw.exe" -vt yazbO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?76a265e0cd544361abe453ae28f3c5e4O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?76a265e0cd544361abe453ae28f3c5e4O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepageO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO20 - AppInit_DLLs: C:\WINDOWS\system32\__c009C16B.datO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uxexvnse.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 8411 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted November 28, 2007 ID:10436 Share Posted November 28, 2007 Hi there n1ck4lyf, and welcome to Malwarebytes.If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.AVG AntiSpyware Be sure to "take action"Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
n1ck4lyf Posted November 28, 2007 Author ID:10444 Share Posted November 28, 2007 hi, thx for the help.pandaActiveScan wasnt working, but here are the avg and hijack thisthxavg scan------------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 6:07:18 PM 28/11/2007 + Scan result: C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP109\A0088240.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP110\A0090248.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP111\A0090448.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP111\A0090641.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP111\A0091750.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP112\A0091914.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP112\A0091943.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP114\A0092158.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\Y7KT0RA3\mosx1024[1] -> Downloader.ConHook.hl : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP114\A0092295.dll -> Downloader.ConHook.hl : Cleaned with backup (quarantined).C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).C:\WINDOWS\system32\__c00A5F05.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).C:\WINDOWS\system32\foafwxul.dll -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[2880] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[2960] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[3300] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[3424] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[3516] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[3584] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[3640] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[3724] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[452] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[580] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).[928] C:\WINDOWS\system32\__c0047BC4.dat -> Downloader.ConHook.hl : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP111\A0090685.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP112\A0091912.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP114\A0092293.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).C:\Documents and Settings\DELTA 3775\Application Data\Ѕуmantec\rundll32.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP112\A0091913.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP114\A0092290.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\IXIFE1WB\poiu[1] -> Downloader.Tiny.id : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP114\A0092298.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP96\A0073123.exe -> Downloader.VB.bsa : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP96\A0073124.exe -> Downloader.VB.bsa : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP109\A0088229.exe -> Not-A-Virus.Hoax.Win32.Renos.hx : Ignored.C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP114\A0092292.exe -> Not-A-Virus.Hoax.Win32.Renos.hx : Ignored.:mozilla.19:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.214:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.215:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.216:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.217:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.218:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.61:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.62:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.63:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.:mozilla.64:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Nick\Cookies\nick@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.:mozilla.174:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.175:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.176:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.178:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.179:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.180:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.181:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.182:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.388:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.:mozilla.228:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.:mozilla.229:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.:mozilla.330:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.:mozilla.285:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.:mozilla.63:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.:mozilla.73:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.:mozilla.422:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.423:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.424:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.74:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.75:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.76:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.91:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.92:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.93:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.:mozilla.13:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.:mozilla.18:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.:mozilla.33:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.C:\Documents and Settings\DELTA 3775\Cookies\delta 3775@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.:mozilla.92:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.:mozilla.62:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.63:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.64:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.65:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.66:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.67:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.68:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.69:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.70:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.:mozilla.177:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.:mozilla.389:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.:mozilla.390:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.:mozilla.100:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.:mozilla.18:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.:mozilla.20:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.:mozilla.101:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.102:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.103:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.104:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.105:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.106:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.218:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.69:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.70:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.71:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.72:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.:mozilla.160:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.:mozilla.161:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.:mozilla.22:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.:mozilla.23:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.:mozilla.19:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.C:\Documents and Settings\DELTA 3775\Cookies\delta 3775@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.:mozilla.24:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.:mozilla.277:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.:mozilla.81:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.82:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.83:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.:mozilla.413:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.:mozilla.157:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.158:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.159:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.160:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.:mozilla.11:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.12:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.14:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.170:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.171:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.172:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.173:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.174:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.175:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.17:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.6:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.71:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.72:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.73:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.74:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.75:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.76:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.77:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.86:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.8:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.9:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.:mozilla.209:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.:mozilla.210:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.:mozilla.133:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.134:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.135:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.136:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.137:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.138:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.188:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.189:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.190:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.191:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.219:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.:mozilla.72:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.:mozilla.73:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.:mozilla.193:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.194:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.195:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.196:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.197:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.:mozilla.198:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.:mozilla.465:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.:mozilla.64:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.E:\rob 2\Cookies\rob_2@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.:mozilla.231:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.:mozilla.65:C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\m69fn92l.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.:mozilla.353:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Wegcash : Cleaned.:mozilla.354:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Wegcash : Cleaned.:mozilla.213:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.214:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.215:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.216:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.217:C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\5k5fhnfm.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.278:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.280:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.281:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.282:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.283:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.:mozilla.284:C:\Documents and Settings\DELTA 3775\Application Data\Mozilla\Firefox\Profiles\a7d141q4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP111\A0090562.exe/keygen.exe -> Trojan.Agent.cro : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP111\A0090565.exe -> Trojan.Agent.cro : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP95\A0071643.exe -> Trojan.Crack.h : Cleaned with backup (quarantined).C:\System Volume Information\_restore{9074E3F2-1AA7-4116-BD62-137A33A7407E}\RP95\A0071644.exe -> Trojan.Crack.h : Cleaned with backup (quarantined).::Report endhijack this scan---Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:23:14 PM, on 28/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\stsystra.exeC:\Program Files\OptusNet DSL Internet\DSC.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\dvd43\dvd43_tray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\SecCenter\scprot4.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows Live Toolbar\msn_sl.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepageO1 - Hosts: 216.107.242.199 l2authd.lineage2.comO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QQLD Agent] C:\WINDOWS\system32\Sys32\QQLD.exeO4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtap.dll,startupO4 - HKLM\..\Run: [rcpwjmna] rundll32.exe "C:\Program Files\mxgnofqh\yjuvkdkj.dll",InitO4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exeO4 - HKLM\..\Run: [600334c0] rundll32.exe "C:\WINDOWS\system32\oplpsabs.dll",bO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?76a265e0cd544361abe453ae28f3c5e4O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?76a265e0cd544361abe453ae28f3c5e4O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepageO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO20 - AppInit_DLLs: C:\WINDOWS\system32\__c0047BC4.datO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uxexvnse.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 8503 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted November 28, 2007 ID:10467 Share Posted November 28, 2007 Make sure you have gone through the tutorial for Panda scan and try again to get a scan. Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.Then do this ....Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Please post Smitfraud log, Panda log and HJT log. Make sure HJT is the last log you post please. Link to post Share on other sites More sharing options...
n1ck4lyf Posted November 29, 2007 Author ID:10488 Share Posted November 29, 2007 ok here they are...SmitFraudFix v2.256Scan done at 18:16:25.23, Thu 29/11/2007Run from C:\Documents and Settings\Nick\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Link to post Share on other sites More sharing options...
JeanInMontana Posted November 29, 2007 ID:10507 Share Posted November 29, 2007 Well still some nasty looking stuff in your log.Please put a check next to these:O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundClick fix and exit the program. Delete all your quarantine files in AVG and Smitfraud fix.Do you know what this is O1 - Hosts: 216.107.242.199 l2authd.lineage2.com ?I would like a Panda scan too please.Also a scan from this program1. Download this file :http://www.techsupportforum.com/sectools/combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next replyNote:Do not mouseclick combofix's window while its running. That may cause it to stall Link to post Share on other sites More sharing options...
JeanInMontana Posted November 29, 2007 ID:10509 Share Posted November 29, 2007 Hey I see you also have a thread here http://forums.whatthetech.com/wats_going_o...ml&p=419335 You need to pick one forum and stick with it. Your taking up the time of two people when you double post at other forums. You also risk ruining your system. Link to post Share on other sites More sharing options...
n1ck4lyf Posted December 1, 2007 Author ID:10524 Share Posted December 1, 2007 hi, sry about that. i choose this 1... seams to b helping more B) Link to post Share on other sites More sharing options...
n1ck4lyf Posted December 1, 2007 Author ID:10525 Share Posted December 1, 2007 hi. the panda scan dosnt work. when it starts downloading the updates, it stops at 472 seconds remaining. here is the combofix scan and hijackthisComboFix 07-11-19.4C - Nick 2007-12-01 12:54:52.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.488 [GMT 11:00]Running from: C:\Documents and Settings\Nick\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Administrator.DIMENSIO-53255A\Desktop\Live Safety Center.lnkC:\Documents and Settings\Administrator.DIMENSIO-53255A\Desktop\Online Security Guide.lnkC:\Documents and Settings\Administrator.DIMENSIO-53255A\Favorites\Online Security Guide.lnkC:\Documents and Settings\All Users\Application Data.\klqtozqv.dllC:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnkC:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnkC:\Documents and Settings\DELTA 3775\Application Data\MANTEC~1C:\Documents and Settings\DELTA 3775\Application Data\MANTEC~1\??mantec\C:\Documents and Settings\Nick\Desktop\Live Safety Center.lnkC:\Documents and Settings\Nick\Desktop\Online Security Guide.lnkC:\Documents and Settings\Nick\Favorites\Online Security Guide.lnkC:\Program Files\Common Files\sstem~1C:\Program Files\Common Files\sstem~1\s?stem\C:\Program Files\SecCenterC:\Program Files\SecCenter\scprot4.exeC:\WINDOWS\cookies.iniC:\WINDOWS\system32\__c00C8A40.datC:\WINDOWS\system32\drivers\sfsync02.sysC:\WINDOWS\system32\jpctbdjm.dllC:\WINDOWS\system32\ohmmilmv.dllC:\WINDOWS\system32\orqss.iniC:\WINDOWS\system32\orqss.ini2C:\WINDOWS\system32\ssqro.dllC:\WINDOWS\system32\usnracpb.dllC:\WINDOWS\system32\utudupeg.exeC:\WINDOWS\system32\wfvgbbim.dllboxC:\WINDOWS\system32\yqlchgwc.dll.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_DOMAINSERVICE-------\LEGACY_SFSYNC02-------\DomainService-------\sfsync02((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))).2007-12-01 13:03 20,810 ---hs---- C:\WINDOWS\system32\wfvgbbim.dllbox2007-12-01 12:54 145,984 --a------ C:\WINDOWS\system32\wfvgbbim.dll2007-12-01 12:53 145,984 --a------ C:\WINDOWS\system32\jqqtoxcg.dll2007-12-01 12:23 78,912 --a------ C:\WINDOWS\system32\xuhcwyww.dll2007-11-30 12:52 <DIR> d-------- C:\Documents and Settings\DELTA 3775\Application Data\Apple Computer2007-11-30 12:00 <DIR> d-------- C:\Documents and Settings\DELTA 3775\Application Data\Grisoft2007-11-29 18:10 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe2007-11-29 18:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe2007-11-29 18:10 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe2007-11-29 11:48 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\Grisoft2007-11-28 18:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico2007-11-28 18:13 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico2007-11-28 18:13 1,406 --a------ C:\WINDOWS\system32\Help.ico2007-11-28 18:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan2007-11-28 17:29 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Grisoft2007-11-28 17:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys2007-11-28 15:59 85,056 --a------ C:\WINDOWS\system32\oplpsabs.dll2007-11-28 15:53 71,232 --a------ C:\WINDOWS\system32\njcncvos.exe2007-11-28 14:37 78,912 --a------ C:\WINDOWS\system32\ecvhbhhj.dll2007-11-28 14:31 784,545 --ahs---- C:\WINDOWS\system32\besgpalq.ini2007-11-28 14:25 71,232 --a------ C:\WINDOWS\system32\mbgemxrr.exe2007-11-27 22:40 <DIR> d-------- C:\VundoFix Backups2007-11-27 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic2007-11-27 21:45 784,485 --ahs---- C:\WINDOWS\system32\lwmuojlt.ini2007-11-27 21:45 78,912 --a------ C:\WINDOWS\system32\hwjchqhj.dll2007-11-27 21:42 71,232 --a------ C:\WINDOWS\system32\vwddvgxb.exe2007-11-27 21:34 71,232 --a------ C:\WINDOWS\system32\ncjqcafb.exe2007-11-27 12:09 <DIR> d-------- C:\Documents and Settings\DELTA 3775\Contacts2007-11-27 12:00 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition2007-11-27 11:46 <DIR> d-------- C:\Program Files\Windows Live2007-11-27 11:46 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller2007-11-27 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller2007-11-27 09:37 <DIR> d-------- C:\WINDOWS\system32\jobkremw2007-11-26 22:45 <DIR> d-------- C:\Program Files\Mixxx2007-11-26 21:50 <DIR> d-------- C:\Program Files\mxgnofqh2007-11-26 18:33 34,304 --a------ C:\WINDOWS\system32\jkkigef.dll2007-11-26 11:07 776,312 --ahs---- C:\WINDOWS\system32\hafvrgyg.ini2007-11-26 11:07 85,056 --a------ C:\WINDOWS\system32\gygrvfah.dll2007-11-26 10:55 131,072 --a------ C:\Documents and Settings\All Users\Application Data\jatqlcrk.dll2007-11-25 22:49 131,072 --a------ C:\Documents and Settings\All Users\Application Data\etijqzev.dll2007-11-25 21:30 131,072 --a------ C:\Documents and Settings\All Users\Application Data\bmzgrktu.dll2007-11-25 20:28 0 --a------ C:\WINDOWS\system32\mcrh.tmp2007-11-25 19:49 <DIR> d-------- C:\Downloads2007-11-25 19:49 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Orbit2007-11-25 00:57 776,252 --ahs---- C:\WINDOWS\system32\kxpbjqrh.ini2007-11-25 00:51 81,472 --a------ C:\WINDOWS\system32\gboqpoye.dll2007-11-24 13:15 <DIR> d-------- C:\Program Files\Free DVD Ripper2007-11-24 13:15 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL2007-11-24 13:15 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS2007-11-24 12:38 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv2007-11-24 12:38 131,072 --a------ C:\Documents and Settings\All Users\Application Data\exibifwn.dll2007-11-24 12:38 34,304 --a------ C:\WINDOWS\system32\opnlljh.dll2007-11-24 09:18 <DIR> d-------- C:\Program Files\MagicISO2007-11-23 21:08 <DIR> d-------- C:\Program Files\Red Kawa2007-11-23 21:08 <DIR> d-------- C:\Program Files\AviSynth 2.52007-11-23 19:26 <DIR> d-------- C:\Program Files\E-Zsoft2007-11-23 19:20 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\Apple Computer2007-11-20 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVG72007-11-18 19:05 <DIR> d---s---- C:\Documents and Settings\Nick\UserData2007-11-18 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield2007-11-18 17:36 <DIR> d-------- C:\WINDOWS\system32\dla2007-11-18 17:36 <DIR> d-------- C:\Program Files\Sonic2007-11-18 17:36 98,360 --a------ C:\WINDOWS\dla.exe2007-11-18 17:36 88,080 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys2007-11-18 17:36 61,500 --a------ C:\WINDOWS\system32\tfswapi.dll2007-11-18 17:36 40,544 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys2007-11-18 17:36 23,545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys2007-11-18 17:36 5,627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys2007-11-18 17:35 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared2007-11-15 21:02 508,240 --a------ C:\ie6setupOe.exe2007-11-13 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft2007-11-13 19:55 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll2007-11-12 14:42 <DIR> d-------- C:\Documents and Settings\DELTA 3775\Shared2007-11-12 14:42 <DIR> d-------- C:\Documents and Settings\DELTA 3775\Incomplete2007-11-12 14:42 <DIR> d-------- C:\Documents and Settings\DELTA 3775\Application Data\LimeWire2007-11-06 18:44 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\LimeWire2007-11-06 16:27 <DIR> d-------- C:\Program Files\Xvid2007-11-06 16:27 159,744 --a------ C:\WINDOWS\system32\xvidvfw.dll2007-11-06 16:27 77,824 --a------ C:\WINDOWS\system32\xvid.ax2007-11-05 22:04 1,156 --a------ C:\WINDOWS\mozver.dat2007-11-05 21:58 0 --a------ C:\WINDOWS\nsreg.dat2007-11-04 12:08 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll2007-11-03 20:01 <DIR> d-------- C:\WINDOWS\Sun2007-11-03 14:13 <DIR> d-------- C:\Mp3 Output2007-11-03 14:12 <DIR> d-------- C:\Program Files\Smallvideosoft2007-11-03 14:12 1,872,821 --a------ C:\WINDOWS\system32\cygwin1.dll2007-11-03 14:12 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll2007-11-03 14:12 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll2007-11-03 14:12 66,048 --a------ C:\WINDOWS\system32\cygz.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2007-11-30 11:47 --------- d-----w C:\Program Files\Windows Live Toolbar2007-11-30 06:03 10,414,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat2007-11-28 05:02 78,912 ----a-w C:\WINDOWS\system32\qvalppmu.dll2007-11-28 03:31 85,056 ----a-w C:\WINDOWS\system32\qlapgseb.dll2007-11-27 12:02 124,388 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx2007-11-27 04:48 --------- d-----w C:\Documents and Settings\Nick\Application Data\LimeWire2007-11-26 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software2007-11-26 00:04 79,936 ----a-w C:\WINDOWS\system32\suvjybbi.dll2007-11-24 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip2007-11-23 08:39 --------- d-----w C:\Program Files\QuickTime2007-11-18 06:37 --------- d-----w C:\Program Files\Common Files\InstallShield2007-11-18 06:27 --------- d-----w C:\Program Files\Google2007-11-15 01:57 --------- d-----w C:\Program Files\Freecorder2007-10-31 11:18 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe2007-10-31 11:16 --------- d-----w C:\Program Files\FLV Player2007-10-31 03:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys2007-10-31 02:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll2007-10-29 11:03 --------- d-----w C:\Documents and Settings\Nick\Application Data\Screen Calendar2007-10-29 09:17 --------- d-----w C:\Program Files\Screen Calendar2007-10-29 09:17 --------- d-----w C:\Program Files\Common Files\Outlook Security Manager2007-10-28 06:09 --------- d--h--w C:\Program Files\InstallShield Installation Information2007-10-28 05:57 --------- d-----w C:\Program Files\THQ2007-10-23 08:52 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys2007-10-23 08:48 --------- d-----w C:\Program Files\Stardock2007-10-23 08:48 --------- d-----w C:\Program Files\Common Files\Stardock2007-10-23 06:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR2007-10-21 09:52 --------- d-----w C:\Program Files\Microsoft Games2007-10-21 03:47 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys2007-10-21 03:45 --------- d-----w C:\Program Files\Firefly Studios2007-10-18 00:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe2007-10-14 02:33 --------- d-----w C:\Program Files\Intel2007-10-09 01:45 --------- d-----w C:\Program Files\Halo Trial2007-10-09 01:05 --------- d-----w C:\Program Files\MSXML 4.02007-10-08 11:12 --------- d-----w C:\Program Files\Alcohol Soft2007-10-08 11:04 --------- d-----w C:\Program Files\VirtualDJ2007-10-07 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 32007-10-04 12:53 --------- d-----w C:\Documents and Settings\Nick\Application Data\mIRC2007-10-04 08:55 --------- d-----w C:\Program Files\mIRC2007-10-04 00:15 --------- d-----w C:\Program Files\Motorola Phone Tools2007-10-03 02:44 --------- d-----w C:\Documents and Settings\Nick\Application Data\InstallShield2007-10-03 02:38 24,192 ----a-w C:\Documents and Settings\Nick\usbsermptxp.sys2007-10-03 02:38 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys2007-10-03 02:38 22,768 ----a-w C:\Documents and Settings\Nick\usbsermpt.sys2007-10-01 00:14 --------- d-----w C:\Program Files\Selectsoft2007-09-20 11:08 68,096 ----a-w C:\WINDOWS\ScUnin.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16975C1E-950B-F58A-B187-08ED8F89A6B0}] C:\Program Files\Xhsxfzvt\nqxwjuqz.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35BFEF80-9814-0F5F-9961-0444D2412BD9}] C:\Program Files\Cestzfde\jaspsadd.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]2007-12-01 12:54 145984 --a------ C:\WINDOWS\system32\wfvgbbim.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa37d36d-2808-4aef-9094-d2cfd6443ef9}]2007-12-01 12:23 78912 --a------ C:\WINDOWS\system32\xuhcwyww.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wfvgbbim.dll [2007-12-01 12:54 145984][HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wfvgbbim.dll [2007-12-01 12:54 145984][HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 21:27][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 19:20 C:\WINDOWS\stsystra.exe]"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2005-11-30 13:21]"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 22:54]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 17:55]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19]"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 15:23]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]"QQLD Agent"="C:\WINDOWS\system32\Sys32\QQLD.exe" []"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 17:21]"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 05:33]"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]"600334c0"="C:\WINDOWS\system32\oplpsabs.dll" [2007-11-28 15:59]"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 20:25][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00]C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [2007-09-14 15:51:43][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wfvgbbim]wfvgbbim.dll 2007-12-01 12:54 145984 C:\WINDOWS\system32\wfvgbbim.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32]winubg32.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqro.dllS3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sysS3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys.Contents of the 'Scheduled Tasks' folder"2007-11-26 06:18:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job""2007-12-01 01:55:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE.**************************************************************************catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-12-01 13:05:02Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-12-01 13:06:34 - machine was rebooted. --- E O F -------------------------------------------------------------------------------------hijackthis--------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:22:56 PM, on 1/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\stsystra.exeC:\Program Files\OptusNet DSL Internet\DSC.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\dvd43\dvd43_tray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\Program Files\Windows Live Toolbar\msn_sl.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Xhsxfzvt\nqxwjuqz.dll (file missing)O2 - BHO: (no name) - {35BFEF80-9814-0F5F-9961-0444D2412BD9} - C:\Program Files\Cestzfde\jaspsadd.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wfvgbbim.dllO2 - BHO: {9fe3446d-fc2d-4909-fea4-8082d63d73aa} - {aa37d36d-2808-4aef-9094-d2cfd6443ef9} - C:\WINDOWS\system32\xuhcwyww.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wfvgbbim.dllO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QQLD Agent] C:\WINDOWS\system32\Sys32\QQLD.exeO4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [600334c0] rundll32.exe "C:\WINDOWS\system32\oplpsabs.dll",bO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?76a265e0cd544361abe453ae28f3c5e4O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?76a265e0cd544361abe453ae28f3c5e4O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepageO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO20 - Winlogon Notify: wfvgbbim - C:\WINDOWS\SYSTEM32\wfvgbbim.dllO20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 9467 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted December 2, 2007 ID:10549 Share Posted December 2, 2007 Please download VundoFix.exeto your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt and a new HiJackThis log.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from "Click the Scan for Vundo button." whenVundoFix appears at reboot. Link to post Share on other sites More sharing options...
n1ck4lyf Posted December 3, 2007 Author ID:10566 Share Posted December 3, 2007 ok i did that. here they areVundoFix V6.6.2Checking Java version...Scan started at 10:40:31 PM 27/11/2007Listing files found while scanning....C:\windows\system32\aojltwjx.dllC:\windows\system32\aojltwjx.dllboxC:\windows\system32\drvtapr.dllC:\windows\system32\drvvobr.dllC:\windows\system32\wqmeurwu.dllBeginning removal... Attempting to delete C:\windows\system32\aojltwjx.dllC:\windows\system32\aojltwjx.dll Has been deleted! Attempting to delete C:\windows\system32\aojltwjx.dllboxC:\windows\system32\aojltwjx.dllbox Has been deleted! Attempting to delete C:\windows\system32\drvtapr.dllC:\windows\system32\drvtapr.dll Has been deleted! Attempting to delete C:\windows\system32\drvvobr.dllC:\windows\system32\drvvobr.dll Has been deleted! Attempting to delete C:\windows\system32\wqmeurwu.dllC:\windows\system32\wqmeurwu.dll Has been deleted!Performing Repairs to the registry.Done!VundoFix V6.6.2Checking Java version...Scan started at 3:02:22 PM 1/12/2007Listing files found while scanning....C:\WINDOWS\system32\wfvgbbim.dllC:\windows\system32\wfvgbbim.dllboxVundoFix V6.6.2Checking Java version...Scan started at 8:20:05 PM 3/12/2007Listing files found while scanning....C:\WINDOWS\system32\wfvgbbim.dllC:\windows\system32\wfvgbbim.dllboxBeginning removal... Attempting to delete C:\windows\system32\wfvgbbim.dllboxC:\windows\system32\wfvgbbim.dllbox Has been deleted!Performing Repairs to the registry.Done!---------------------------------------------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:48:13 PM, on 3/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeC:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeC:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\stsystra.exeC:\Program Files\OptusNet DSL Internet\DSC.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\dvd43\dvd43_tray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXEC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Xhsxfzvt\nqxwjuqz.dll (file missing)O2 - BHO: (no name) - {35BFEF80-9814-0F5F-9961-0444D2412BD9} - C:\Program Files\Cestzfde\jaspsadd.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: {9fe3446d-fc2d-4909-fea4-8082d63d73aa} - {aa37d36d-2808-4aef-9094-d2cfd6443ef9} - C:\WINDOWS\system32\xuhcwyww.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QQLD Agent] C:\WINDOWS\system32\Sys32\QQLD.exeO4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Nick\LOCALS~1\Temp\{51C4F6AA-16AE-4C1D-9A52-6B6C5A925AB5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /sO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-21-1177238915-1292428093-839522115-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'DELTA 3775')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?76a265e0cd544361abe453ae28f3c5e4O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?76a265e0cd544361abe453ae28f3c5e4O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepageO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 10083 bytesthank you for the help B) Link to post Share on other sites More sharing options...
JeanInMontana Posted December 3, 2007 ID:10578 Share Posted December 3, 2007 Umm.... you are showing scans with Vundo on 3 different dates! Delete everything you have connected to Vundo all files, all downloaded files.Run HJT again and put a check next to these items below and click fix.O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Xhsxfzvt\nqxwjuqz.dll (file missing)O2 - BHO: (no name) - {35BFEF80-9814-0F5F-9961-0444D2412BD9} - C:\Program Files\Cestzfde\jaspsadd.dll (file missing)O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Nick\LOCALS~1\Temp\{51C4F6AA-16AE-4C1D-9A52-6B6C5A925AB5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)Reboot, and run a new Vundo scan from a new download. Post that log and a new HJT log too please. Link to post Share on other sites More sharing options...
n1ck4lyf Posted December 4, 2007 Author ID:10599 Share Posted December 4, 2007 vundofix found no errors. but i did the other things you said. ThxLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:40:35 PM, on 4/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeC:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeC:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exeC:\WINDOWS\stsystra.exeC:\Program Files\OptusNet DSL Internet\DSC.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\dvd43\dvd43_tray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\LimeWire\LimeWire.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: {9fe3446d-fc2d-4909-fea4-8082d63d73aa} - {aa37d36d-2808-4aef-9094-d2cfd6443ef9} - C:\WINDOWS\system32\xuhcwyww.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QQLD Agent] C:\WINDOWS\system32\Sys32\QQLD.exeO4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /sO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automountO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?76a265e0cd544361abe453ae28f3c5e4O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?76a265e0cd544361abe453ae28f3c5e4O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepageO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cabO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 9328 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted December 4, 2007 ID:10624 Share Posted December 4, 2007 Vundo did find things and remove them. More than once from the logs you posted before, I asked for the log from the new download and new scan. I would like to see that.Run HJT and put a check next to these items and click fix.O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: {9fe3446d-fc2d-4909-fea4-8082d63d73aa} - {aa37d36d-2808-4aef-9094-d2cfd6443ef9} - C:\WINDOWS\system32\xuhcwyww.dllPlease download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">SDFix.exe * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum.Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.Also the information you got on the other forum is true and valid. Your system was compromised completely. There is no guarantee we will ever get all of it cleaned out and your personal information should be changed for any sensitive sites. Link to post Share on other sites More sharing options...
JeanInMontana Posted December 13, 2007 ID:10893 Share Posted December 13, 2007 Due to lack of response I will close this topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic. Link to post Share on other sites More sharing options...
Recommended Posts