Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Please Help with the Vundo trojan


Post by Scotty » July 15th, 2007, 7:35 am

Hello Richie

Are you still requiring assistance here?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

last hijack this scan

Post by Richie » July 17th, 2007, 7:09 pm

Hi Scotty,

Sorry for taking so long to reply, I've worked 150 hours in the last 2 weeks and finally got a day off. I did what you said in your last post. Here is the last scan.

Logfile of HijackThis v1.99.1
Scan saved at 16:05, on 2007-07-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
C:\WINDOWS\system32\notepad.exe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hpothb07.tif
O4 - Startup: hpothb07.dat
O4 - Startup: TweakTray.lnk = C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

Post by Scotty » July 17th, 2007, 7:14 pm

Hi Richie

No worries. Could you post the log from the last CFScript too?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

CFScript log

Post by Richie » July 18th, 2007, 2:49 pm

"Owner" - 2007-07-18 11:40:25 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cbbaww.dll
C:\WINDOWS\qonmnl.dll
C:\WINDOWS\hgfday.dll
C:\WINDOWS\iihfde.dll
C:\WINDOWS\wwabbc.ini
C:\WINDOWS\lnmnoq.ini
C:\WINDOWS\yadfgh.ini
C:\WINDOWS\edfhii.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Barbie\Application Data\tmp2.tmp.exe
C:\WINDOWS\iihfde.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp43.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp9E7.tmp.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-18 11:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 11:28 476 --a------ C:\DOCUME~1\Owner\fix.reg
2007-06-24 19:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-24 19:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-24 19:01 1,462 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 17:21 <DIR> d--hs---- C:\FOUND.032
2007-06-22 11:05 55,808 --a------ C:\WINDOWS\unSpySweeper.exe
2007-06-22 08:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-22 08:29 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-20 21:56 73,992 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp9E7.tmp.exe
2007-06-20 21:56 128,202 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp9E6.tmp.exe
2007-06-20 21:54 122,880 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp9E5.tmp.exe
2007-06-20 17:42 128,202 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp105.tmp.exe
2007-06-20 17:42 128,202 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp104.tmp.exe
2007-06-20 17:41 122,880 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp103.tmp.exe
2007-06-20 10:22 73,992 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp3.tmp.exe
2007-06-20 10:21 122,880 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp1.tmp.exe
2007-06-19 06:52 128,202 --a------ C:\tmp2.tmp.exe
2007-06-18 11:17 60,771 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp7.tmp.exe
2007-06-18 11:17 252,130 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp6.tmp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 18:43:02 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2007-07-18 18:43:02 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2007-06-18 01:34:50 -------- d-----w C:\Program Files\XoftSpySE
2007-06-06 02:28:50 -------- d-----w C:\Program Files\iPod
2007-06-06 02:28:46 -------- d-----w C:\Program Files\iTunes
2007-05-28 23:03:08 -------- d-----w C:\Program Files\CAM Development
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2006-02-20 04:08:04 133,184 ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
2006-04-18 19:04 34304 --a------ C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-10-07 12:39]
"nwiz"="nwiz.exe" [2005-07-20 21:07 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=


Contents of the 'Scheduled Tasks' folder
2007-02-12 17:43:04 C:\WINDOWS\tasks\XoftSpy.job
2007-07-17 17:01:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-18 01:34:54 C:\WINDOWS\tasks\XoftSpySE.job
2007-07-18 18:45:40 C:\WINDOWS\tasks\XoftSpySE 2.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 11:44:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 11:46:32 - machine was rebooted
C:\ComboFix3.txt ... 2007-06-24 19:22
C:\ComboFix-quarantined-files.txt ... 2007-07-18 11:46
C:\ComboFix2.txt ... 2007-06-24 19:30

--- E O F ---
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

Post by Scotty » July 19th, 2007, 3:36 pm

Hello Richie

Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
    • At the top of the main screen click Update.
      • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
  • When updates are completed, close AVG.
If you are having problems with the updater, you can use this link to manually update AVG.
AVG manual updates

Open Notepad and Copy/Paste the text in the codebox below into it:

Code:
File::
C:\DOCUME~1\Barbie\APPLIC~1\tmp9E7.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp9E6.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp9E5.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp105.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp104.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp103.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp1.tmp.exe
C:\tmp2.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp7.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp6.tmp.exe

Save this as "CFScript"

[Image]


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a new HijackThis log.

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
        • Click on Recommended actions, and set to Quarantine.
      • How to scan
        • Check all options.
      • Possibly unwanted software.
        • Check all options.
      • Reports
        • Uncheck Automatically generate report after every scan.
        • Uncheck Only if threats were found.
      • What to scan
        • Check Scan every file.
    • Click on the Scan tab.
      • Click on Complete System Scan and the scan will begin.
      • When the scan has finished
        • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
        • At the bottom of the window click on the Apply all Actions button.

Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location: C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Post the AVG report too.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
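
The CFScript step above is built by hand from the "Files Created" section of the ComboFix log: the helper picks out the tmp<hex>.tmp.exe drops and lists them under a File:: header. As an added example, not code from this thread or from ComboFix, the following Python parses that section and generates the same kind of File:: block. The line format (date, time, size or <DIR>, nine attribute flags, path) is taken from the logs posted here; the tmp<hex>.tmp.exe name pattern is an assumption generalised from the files Scotty listed, not a ComboFix rule. The sample section copies lines from the log earlier in this thread plus two entries that must not be selected (a system32 executable and a CHKDSK recovery folder).

```python
import re

# One line of ComboFix's "Files Created from ... to ..." section, e.g.
#   2007-06-20 21:56 73,992 --a------ C:\DOCUME~1\Barbie\APPLIC~1\tmp9E7.tmp.exe
#   2007-06-23 17:21 <DIR> d--hs---- C:\FOUND.032
# Fields: date, time, size (thousands-separated, or <DIR>), nine attribute flags, path.
FILES_CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Naming pattern the helper singled out in this thread: tmp<hex>.tmp.exe in a user's
# Application Data folder or the drive root. This is an assumption generalised from
# the listed files, not something ComboFix itself defines.
TMP_EXE_RE = re.compile(r"(?:^|\\)tmp[0-9a-f]+\.tmp\.exe$", re.IGNORECASE)

# Sample section: lines copied from the ComboFix log earlier in this thread, with two
# entries kept in that must be skipped (a system32 executable and a CHKDSK folder).
SAMPLE_SECTION = """\
2007-06-24 19:01 51,200 --a------ C:\\WINDOWS\\system32\\dumphive.exe
2007-06-23 17:21 <DIR> d--hs---- C:\\FOUND.032
2007-06-20 21:56 73,992 --a------ C:\\DOCUME~1\\Barbie\\APPLIC~1\\tmp9E7.tmp.exe
2007-06-20 10:21 122,880 --a------ C:\\DOCUME~1\\Barbie\\APPLIC~1\\tmp1.tmp.exe
2007-06-19 06:52 128,202 --a------ C:\\tmp2.tmp.exe
2007-06-18 11:17 60,771 --a------ C:\\DOCUME~1\\Barbie\\APPLIC~1\\tmp7.tmp.exe
"""


def parse_files_created(text):
    """Parse the section into dicts; 'size' is an int, or None for directories."""
    entries = []
    for line in text.splitlines():
        m = FILES_CREATED_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything formatted differently
        e = m.groupdict()
        e["is_dir"] = e["size"] == "<DIR>"
        e["size"] = None if e["is_dir"] else int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def select_tmp_executables(entries):
    """Paths of plain files whose name matches tmp<hex>.tmp.exe, in log order."""
    return [e["path"] for e in entries if not e["is_dir"] and TMP_EXE_RE.search(e["path"])]


def build_cfscript(paths):
    """Render a CFScript in the form used in this thread: File:: header, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = select_tmp_executables(parse_files_created(SAMPLE_SECTION))
    print(build_cfscript(found), end="")
```

The output is meant to be reviewed before it is saved as CFScript: the selection is only a name-pattern match, so a helper still checks each path against the rest of the log (the "Other Deletions" and quarantine sections) rather than feeding the generated list straight to ComboFix.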

new combo fix log

Post by Richie » July 23rd, 2007, 12:44 am

"Owner" - 2007-07-22 17:05:23 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Barbie\APPLIC~1\tmp1.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp103.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp104.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp105.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp6.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp7.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp9E5.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp9E6.tmp.exe
C:\DOCUME~1\Barbie\APPLIC~1\tmp9E7.tmp.exe
C:\tmp2.tmp.exe


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-22 17:02 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-18 11:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 11:28 476 --a------ C:\DOCUME~1\Owner\fix.reg
2007-06-24 19:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-24 19:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-24 19:01 1,462 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 17:21 <DIR> d--hs---- C:\FOUND.032
2007-06-22 11:05 55,808 --a------ C:\WINDOWS\unSpySweeper.exe
2007-06-22 08:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-22 08:29 208,248 --a------ C:\WINDOWS\system32\muweb.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 06:16:02 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2007-07-22 06:16:02 24 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2007-06-18 01:34:50 -------- d-----w C:\Program Files\XoftSpySE
2007-06-06 02:28:50 -------- d-----w C:\Program Files\iPod
2007-06-06 02:28:46 -------- d-----w C:\Program Files\iTunes
2007-05-28 23:03:08 -------- d-----w C:\Program Files\CAM Development
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-02-20 04:08:04 133,184 ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
2006-04-18 19:04 34304 --a------ C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-10-07 12:39]
"nwiz"="nwiz.exe" [2005-07-20 21:07 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

Contents of the 'Scheduled Tasks' folder
2007-02-12 17:43:04 C:\WINDOWS\tasks\XoftSpy.job
2007-07-17 17:01:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-21 10:44:50 C:\WINDOWS\tasks\XoftSpySE.job
2007-07-23 00:00:02 C:\WINDOWS\tasks\XoftSpySE 2.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 17:08:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-22 17:09:34
C:\ComboFix-quarantined-files.txt ... 2007-07-22 17:09
C:\ComboFix3.txt ... 2007-06-24 19:30
C:\ComboFix2.txt ... 2007-07-18 11:46

--- E O F ---
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

new hijack this log

Post by Richie » July 23rd, 2007, 12:45 am

Logfile of HijackThis v1.99.1
Scan saved at 9:43:49 PM, on 22/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hpothb07.tif
O4 - Startup: hpothb07.dat
O4 - Startup: TweakTray.lnk = C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm
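
Scotty asks for a fresh HijackThis log after every step so the two logs can be compared: what appeared (here the AVG Anti-Spyware O4 and O23 entries, the Java 1.6.0_02 paths) and what went away. As an added example, not code from this thread or from HijackThis, the following Python parses entry lines of the form "<section> - <body>", diffs two logs by section, and lists the entries HijackThis tags "(file missing)", which is the first thing to check in a log because a registered object with no file behind it is either leftover from an uninstall or a removal that was only half done. The sample lines are copied from the two HijackThis logs in this thread (before and after the CFScript and AVG step).

```python
import re

# One HijackThis entry: a section code (R0..R3, O1..O24), " - ", then the entry body.
HJT_ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")

# Lines copied from the first (before) and second (after) HijackThis logs in this thread.
LOG_BEFORE = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [Zone Labs Client] C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\\PROGRA~1\\SYMANT~2\\SYMANT~1\\DefWatch.exe
"""
LOG_AFTER = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [Zone Labs Client] C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [!AVG Anti-Spyware] "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" /minimized
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\\PROGRA~1\\SYMANT~2\\SYMANT~1\\DefWatch.exe
"""


def parse_hjt(text):
    """Return {section: set of entry bodies} for the entry lines of a HijackThis log."""
    entries = {}
    for line in text.splitlines():
        m = HJT_ENTRY_RE.match(line.strip())
        if m:  # process list, header lines and blanks do not match and are skipped
            entries.setdefault(m["section"], set()).add(m["body"])
    return entries


def diff_hjt(before, after):
    """Entries added and removed between two logs, keyed by section, as sorted lists."""
    b, a = parse_hjt(before), parse_hjt(after)
    added, removed = {}, {}
    for sec in sorted(set(b) | set(a)):
        plus = sorted(a.get(sec, set()) - b.get(sec, set()))
        minus = sorted(b.get(sec, set()) - a.get(sec, set()))
        if plus:
            added[sec] = plus
        if minus:
            removed[sec] = minus
    return added, removed


def missing_file_entries(text):
    """Entries HijackThis tagged '(file missing)': a registered object with no file on disk."""
    return [
        f"{sec} - {body}"
        for sec, bodies in parse_hjt(text).items()
        for body in sorted(bodies)
        if body.endswith("(file missing)")
    ]


if __name__ == "__main__":
    added, removed = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for sec, items in added.items():
        for item in items:
            print(f"+ {sec} - {item}")
    for sec, items in removed.items():
        for item in items:
            print(f"- {sec} - {item}")
    for entry in missing_file_entries(LOG_AFTER):
        print(f"? {entry}")
```

Diffing by section rather than by raw line keeps the report readable: an O4 line that changes only because Java moved from jre1.6.0_01 to jre1.6.0_02 shows up as one removal and one addition in the same section, which is easy to recognise as an update rather than a new autostart.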

Post by Scotty » July 23rd, 2007, 9:35 am

Hi Richie

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

avg report

Post by Richie » July 23rd, 2007, 9:47 am

HKU\S-1-5-21-2419647484-501881172-1690843657-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07A78AEA-4A54-4967-9A60-4B68592D30C7} -> Adware.TrustCleaner : Cleaned with backup (quarantined).
HKU\S-1-5-21-2419647484-501881172-1690843657-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6C16C4-16AD-47B6-B250-26AD1829E49A} -> Adware.TrustCleaner : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\cbbaww.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\hgfday.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\iihfde.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\qonmnl.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\bootnls.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\Nero 7.0 Premium\Ahead_Nero_v7.0_KeyGen_Only-PARADOX.rar/Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.84:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.138:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.10:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.61:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.124:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.148:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.60:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.15:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.45:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Brendan\Cookies\brendan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.195:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.112:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.119:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.26:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.62:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Aaron\Cookies\aaron@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Brendan\Cookies\brendan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.194:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.42:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.86:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.145:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.146:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.156:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.157:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.110:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.111:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.70:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.71:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Aaron\Cookies\aaron@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.151:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.152:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.186:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.153:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.79:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.105:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.106:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.183:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.184:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@search.msn[3].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Montana\Cookies\montana@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.51:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.52:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Brendan\Cookies\brendan@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.173:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.174:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.175:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.176:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.177:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.178:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.24:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.28:C:\FOUND.015\FILE0004.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.133:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.137:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Barbie\Cookies\barbie@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.32:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.50:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.90:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.91:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.92:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.93:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.94:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Aaron\Cookies\aaron@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.24:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\znqrot1f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Barbie\Application Data\Mozilla\Firefox\Profiles\18mhtaeh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ee76rdyo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp6.tmp.exe.vir -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp1.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp103.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp9E5.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp1.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp15.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp36.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp5EE.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp82.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Documents and Settings\Barbie\Application Data\tmp2.tmp.exe.vir -> Trojan.Agent.aoy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp42.tmp.exe.vir -> Trojan.BHO.bd : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Owner\APPLIC~1\tmp43.tmp.exe.vir -> Trojan.BHO.bi : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp104.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp105.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp3.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp7.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp9E6.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\DOCUME~1\Barbie\APPLIC~1\tmp9E7.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\tmp2.tmp.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

Unread postby Scotty » July 23rd, 2007, 6:59 pm

Hello Richie

That appears to be an AVG log you posted, and only a partial one. Could you post the full log and the Kaspersky log please?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

kaspersky scan

Unread postby Richie » July 24th, 2007, 12:05 am

Monday, July 23, 2007 9:01:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/07/2007
Kaspersky Anti-Virus database records: 367000
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 104812
Number of viruses found 20
Number of infected objects 55
Number of suspicious objects 10
Duration of the scan process 02:19:21

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\Temp\ZLT06c00.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\GEORGE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DE40000.VBN Infected: Trojan-Proxy.Win32.Agent.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DE40002.VBN Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D80000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D80000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D80000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E500000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E500000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E500000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09800000.VBN/Camedia_Master_Pro_v4.1.exe Infected: Trojan-Dropper.Win32.Agent.azk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09800000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09800000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40000.VBN/setup.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08D40000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DE00000.VBN/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DE00000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DE00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007072320070724\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\A0097280.exe.bac_a03160 Infected: Trojan-Dropper.Win32.Agent.abf skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\A0097334.exe.bac_a03160 Infected: Trojan-Downloader.Win32.Zlob.bf skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\A0103776.exe.bac_a03160 Infected: Trojan-Downloader.Win32.Zlob.bf skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\A0097278.exe.bac_a03160 Infected: Trojan-Downloader.Win32.Zlob.be skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\Nero 7.0 Premium with keygen.rar.bac_a03160/Nero 7.0 Premium/setup.exe Infected: Trojan.Win32.KillAV.ft skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\Nero 7.0 Premium with keygen.rar.bac_a03160 RAR: infected - 1 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\Nero 7.0 Premium with keygen.rar.bac_a03160 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\crack.exe.bac_a03160 Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\{FF7BC6F2-30FA-4C39-A226-F5C90F2BAE44}.tmp.bac_a03160/{FF7BC6F2-30FA-4C39-A226-F5C90F2BAE44}.tmp Infected: Trojan-Downloader.Win32.IstBar.nj skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\{FF7BC6F2-30FA-4C39-A226-F5C90F2BAE44}.tmp.bac_a03160 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\{FF7BC6F2-30FA-4C39-A226-F5C90F2BAE44}.tmp.bac_a03160 CryptFF.b: infected - 1 skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,30,15.zip/LimeWire.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,30,15.zip ZIP: suspicious - 1 skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,32,10.zip/LimeWire.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,32,10.zip ZIP: suspicious - 1 skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,33,29.zip/LimeWire.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,33,29.zip ZIP: suspicious - 1 skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,3,2006_10,55,16.zip/LimeWire.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,3,2006_10,55,16.zip ZIP: suspicious - 1 skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,5,2006_10,52,7.zip/LimeWire.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,5,2006_10,52,7.zip ZIP: suspicious - 1 skipped
C:\Program Files\a-squared Free\Quarantine\4744999e8fe966466b3e5db32273fff9.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP130/A0022998.exe Infected: not-a-virus:AdWare.Win32.Trustin.a skipped
C:\Program Files\a-squared Free\Quarantine\4744999e8fe966466b3e5db32273fff9.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\7eed043216c3df2fc992a9195a5cad1d.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP240/A0039538.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Program Files\a-squared Free\Quarantine\7eed043216c3df2fc992a9195a5cad1d.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\1871bbf269f33ace21967354e80e8aeb.a2q/Documents and Settings/Owner/Local Settings/Temp/iub70.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\a-squared Free\Quarantine\1871bbf269f33ace21967354e80e8aeb.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\1e167ed6d183cfb3ca2c6eee8732fc89.a2q/Documents and Settings/Owner/Local Settings/Temp/iub76.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\a-squared Free\Quarantine\1e167ed6d183cfb3ca2c6eee8732fc89.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\99107effa742ce31a97a978fdbfc1fcc.a2q/WINDOWS/system32/pushow61.dll Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
C:\Program Files\a-squared Free\Quarantine\99107effa742ce31a97a978fdbfc1fcc.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\0bccf2ed5f135dea68f46a6b1bc38bd8.a2q/WINDOWS/system32/pushow62.dll Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
C:\Program Files\a-squared Free\Quarantine\0bccf2ed5f135dea68f46a6b1bc38bd8.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\cd136eb42b722b3fc820eb277446c571.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP322/A0057161.DLL Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
C:\Program Files\a-squared Free\Quarantine\cd136eb42b722b3fc820eb277446c571.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\5c3c4312c889d44b8d8eb62b6ad42085.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP322/A0057162.dll Infected: not-a-virus:AdWare.Win32.AdvertMen.a skipped
C:\Program Files\a-squared Free\Quarantine\5c3c4312c889d44b8d8eb62b6ad42085.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\956407132F7463699C58E3B12608C25BE6E9ED96.a2q/Documents and Settings/Owner/Local Settings/Temp/pspv/pspv.exe Infected: not-a-virus:PSWTool.Win32.PassView.b skipped
C:\Program Files\a-squared Free\Quarantine\956407132F7463699C58E3B12608C25BE6E9ED96.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\724A770A360AA9AFF3A05B94DC69D7099D326474.a2q/Documents and Settings/Owner/Local Settings/Temp/SmitfraudFix/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\a-squared Free\Quarantine\724A770A360AA9AFF3A05B94DC69D7099D326474.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\c035165f131457e777e0f057e962d58c.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP384/A0069671.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\a-squared Free\Quarantine\c035165f131457e777e0f057e962d58c.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP384/A0069671.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\a-squared Free\Quarantine\c035165f131457e777e0f057e962d58c.a2q ZIP: infected - 2 skipped
C:\Program Files\a-squared Free\Quarantine\fbc9e71bf1daf514c03148028a58f18d.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP445/A0085971.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\Program Files\a-squared Free\Quarantine\fbc9e71bf1daf514c03148028a58f18d.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\365aa87c321ba14046b30ca90b4f5cee.a2q/System Volume Information/_restore{912A26D4-FBBF-4FAB-B65C-9C8D7B9139E0}/RP445/A0085973.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\Program Files\a-squared Free\Quarantine\365aa87c321ba14046b30ca90b4f5cee.a2q ZIP: infected - 1 skipped
Scan process completed.
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

avg log missing

Unread postby Richie » July 24th, 2007, 12:07 am

I can't find reports in the avg file.
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

Unread postby Scotty » July 25th, 2007, 3:33 pm

Hello Richie

Start your antivirus console. If you are using Norton SystemWorks, then you should be able to start it from the Start menu icon. If you have Norton AntiVirus solo, you can either find it in the Programs menu or you can double-click on the Norton AntiVirus icon located in your system tray (near the clock).

Once you have the console open you will want to click on ANTIVIRUS, then on REPORTS and then on QUARANTINE, where you will see the list of viruses caught. Since these were obviously caught by Norton, you must have the virus definitions for this virus, which is good, and that is why it is now in quarantine. What you can do is DELETE each one by clicking on it so it is highlighted and then clicking Delete. After you have done this you will want to check the BACKUP folder as well and safely delete everything in there.

Next you will want to close all your programs running and then empty your recycle bin. If you are using Norton Utilities/System works then you will probably have a NORTON PROTECTED RECYCLE BIN as well. This means you will want to EMPTY the Norton Protected files AFTER you have emptied the normal recycle bin. Now you can be sure you have deleted everything.

For A-squared, open the program, select QUARANTINE and find the option to empty it. Similarly for NoAdware, although there they are called BACKUPS.

Navigate to this folder
C:\Documents and Settings\Owner\.housecall

and delete it.

Now post back with a new HijackThis log.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
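As an added illustration of the reasoning in Scotty's reply (not code from the thread or from any of the scanners named), a small Python triage of a report in the same line format as the Kaspersky scan above: it separates locked system files and archive summary lines from real hits, and checks whether each hit's on-disk path already sits in one of the quarantine or backup stores the reply says to empty. The sample lines, paths and detection names in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the line format of the Kaspersky on-line scanner report
# quoted in the thread (not the thread's own log): one hit per quarantine store,
# plus one made-up hit outside any quarantine so the "live" path is exercised.
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAA0000.VBN/setup.exe Infected: Trojan.Win32.Example.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAA0000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\A0000001.exe.bac_a03160 Infected: Trojan-Downloader.Win32.Example.b skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,30,15.zip/LimeWire.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\1,2,2006_18,30,15.zip ZIP: suspicious - 1 skipped
C:\Program Files\a-squared Free\Quarantine\0123456789abcdef0123456789abcdef.a2q/WINDOWS/system32/example.dll Infected: not-a-virus:AdWare.Win32.Example.c skipped
C:\Program Files\a-squared Free\Quarantine\0123456789abcdef0123456789abcdef.a2q ZIP: infected - 1 skipped
C:\WINDOWS\system32\example.dll Infected: Trojan.Win32.Example.d skipped
Scan process completed.
"""

LOCKED = re.compile(r"^(?P<path>.+) Object is locked skipped$")
HIT = re.compile(r"^(?P<path>.+?) (?:Infected|Suspicious): (?P<name>\S+) skipped$")
ARCHIVE = re.compile(r"^(?P<path>.+?) (?P<kind>[\w.]+): (?:infected|suspicious) - \d+ skipped$")

# Folders holding files a scanner has already neutralised, matched case-insensitively
# on the on-disk (outer) path. The labels are the stores the reply says to empty.
STORES = (
    ("\\norton antivirus corporate edition\\7.5\\quarantine\\", "Symantec/Norton quarantine"),
    ("\\a-squared free\\quarantine\\", "a-squared quarantine"),
    ("\\noadware4\\noadwarebackup\\", "NoAdware backups"),
    ("\\.housecall\\quarantine\\", "HouseCall (.housecall) quarantine"),
)

def store_of(on_disk_path):
    low = on_disk_path.lower()
    for marker, label in STORES:
        if marker in low:
            return label
    return None

def triage(log_text):
    """Bucket report lines: locked files (noise), archive summaries (duplicates of
    their member hits), hits inside a store, and hits on live files."""
    report = {"locked": 0, "summaries": 0, "contained": defaultdict(list),
              "live": [], "unparsed": []}
    for line in (l.strip() for l in log_text.splitlines()):
        if not line or line == "Scan process completed.":
            continue
        m = HIT.match(line)
        if m:
            # Archive members appear as outer.zip/inner.exe; only the outer file
            # exists on disk, so that is what decides containment.
            store = store_of(m.group("path").split("/", 1)[0])
            bucket = report["contained"][store] if store else report["live"]
            bucket.append((m.group("path"), m.group("name")))
        elif ARCHIVE.match(line):
            report["summaries"] += 1
        elif LOCKED.match(line):
            report["locked"] += 1
        else:
            report["unparsed"].append(line)
    return report

def actions(report):
    """Turn the triage into the cleanup list a helper would post back."""
    todo = ["Empty %s (%d item(s))" % (s, len(h)) for s, h in report["contained"].items()]
    todo += ["Investigate live file %s (%s)" % (p, n) for p, n in report["live"]]
    return todo
```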

Hijack this scan

Unread postby Richie » July 25th, 2007, 11:58 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:56:45 PM, on 25/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hpothb07.tif
O4 - Startup: hpothb07.dat
O4 - Startup: TweakTray.lnk = C:\Program Files\Codeforge\TweakAll3\TweakTray.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Richie
Regular Member
 
Posts: 17
Joined: June 24th, 2007, 12:57 pm

Unread postby Scotty » July 26th, 2007, 12:04 pm

Hello Richie

First, we need to delete a few things.
ComboFix.exe

and these folders
C:\Qoobox, C:\!Killbox, and the Smitfraudfix folder on your Desktop.

This is my usual speech for when you are clean, which you appear to be.
    Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable
    and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders", if necessary select Do not show hidden files and folders.
  • If unchecked, please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK


And take a look at this LINKY for further recommendations and tips to stay clean.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
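Added example, not part of Scotty's post: a Python audit of the Internet Explorer Internet-zone settings and the Explorer hidden-file settings listed above against a `reg query` style export, which then writes the corrections as a .reg file. The registry value names and the 0/1/3 meanings are Microsoft's documented ones; the export text is constructed, and the "Display content of system folders" option is not covered.

```python
import re

# Recommended values from the post, keyed by (registry key, value name).
# Internet-zone value numbers follow Microsoft's documented URL-action numbering
# (KB 182569): for those, 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE3 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RECOMMENDED = {
    (ZONE3, "1001"): ("Download signed ActiveX controls", 1),
    (ZONE3, "1004"): ("Download unsigned ActiveX controls", 3),
    (ZONE3, "1201"): ("Initialize and script ActiveX controls not marked as safe", 3),
    (ZONE3, "1800"): ("Installation of desktop items", 1),
    (ZONE3, "1804"): ("Launching programs and files in an IFRAME", 1),
    (ZONE3, "1607"): ("Navigate sub-frames across different domains", 1),
    (EXPLORER, "Hidden"): ("Do not show hidden files and folders", 2),
    (EXPLORER, "ShowSuperHidden"): ("Hide protected operating system files", 0),
    (EXPLORER, "HideFileExt"): ("Show file extensions for known file types", 0),
}

# Constructed sample in the shape of `reg query <key>` output (not captured from
# Richie's machine): two zone settings still at Enable and hidden files shown.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x3
    1800    REG_DWORD    0x1
    1804    REG_DWORD    0x0
    1607    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden    REG_DWORD    0x1
    ShowSuperHidden    REG_DWORD    0x1
    HideFileExt    REG_DWORD    0x0
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {(key, value_name): int} from reg query style output."""
    values, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            values[(key, m.group(1))] = int(m.group(2), 16)
    return values

def audit(values):
    """Return (key, name, description, current, wanted) for every recommended
    setting that is absent or differs; an absent value is reported as None."""
    return [(key, name, desc, values.get((key, name)), wanted)
            for (key, name), (desc, wanted) in RECOMMENDED.items()
            if values.get((key, name)) != wanted]

def to_reg_file(findings):
    """Render the corrections as a .reg file that regedit can import."""
    out, by_key = ["Windows Registry Editor Version 5.00", ""], {}
    for key, name, _desc, _current, wanted in findings:
        by_key.setdefault(key, []).append((name, wanted))
    for key, items in by_key.items():
        out.append("[%s]" % key)
        out.extend('"%s"=dword:%08x' % (name, wanted) for name, wanted in items)
        out.append("")
    return "\n".join(out)
```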