Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Help needed, Thanks


Post by rackun » September 15th, 2007, 7:48 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 07:46:40, on 2007/9/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\qomjkih.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7CCAA042-870E-4347-81C8-8E4ADFCD5362} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4657815733
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: qomjkih - C:\WINDOWS\SYSTEM32\qomjkih.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6180 bytes
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Post by Kairis » September 15th, 2007, 12:50 pm

Hi and welcome to the Malware Removal forums.
My name is Kairis. I'll be glad to help you with your computer problems.
I have to let experts check the content of my fixes before I post.

HijackThis logs can take some time to research. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.

Please be patient.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Post by rackun » September 15th, 2007, 5:36 pm

Thanks, Kairis, for replying.
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Post by Kairis » September 16th, 2007, 1:04 pm

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.


Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button"
when VundoFix appears at reboot.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Post by rackun » September 16th, 2007, 8:23 pm

VundoFix V6.5.8

Checking Java version...

Scan started at 上午 08:15:12 2007/9/17

Listing files found while scanning....

C:\WINDOWS\system32\awvtu.dll

Beginning removal...

Performing Repairs to the registry.
Done!
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Post by rackun » September 16th, 2007, 8:23 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 08:21:25, on 2007/9/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\qomjkih.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7CCAA042-870E-4347-81C8-8E4ADFCD5362} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4657815733
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: qomjkih - C:\WINDOWS\SYSTEM32\qomjkih.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6206 bytes
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Post by Kairis » September 17th, 2007, 3:08 am

Vundo infection is still there, let's take another tool:
Download ComboFix from Here or Here to your Desktop.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it shall produce a log for you.
    Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Post by rackun » September 17th, 2007, 8:13 am

ComboFix 07-09-17.2 - "rackun" 2007-09-17 20:08:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.898 [GMT 8:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.

2007-09-17 19:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 22:05 <DIR> d-------- C:\Program Files\IrfanView
2007-09-15 18:00 <DIR> d-------- C:\Program Files\a-squared Free
2007-09-15 17:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-15 09:38 <DIR> d-------- C:\VundoFix Backups
2007-09-15 01:21 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-09-15 01:21 <DIR> d-------- C:\spywarebegone
2007-09-15 01:00 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2007-09-15 00:54 <DIR> d-------- C:\Program Files\FBM Software
2007-09-14 02:06 <DIR> d-------- C:\WINDOWS\pss
2007-09-14 01:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-14 01:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-14 01:21 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-09-14 01:21 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-14 01:21 <DIR> d-------- C:\Program Files\DAP
2007-09-14 01:13 12,290,511 --------- C:\AVG7QT.DAT
2007-09-13 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-13 08:05 109,600 --a------ C:\WINDOWS\system32\sptll.dll
2007-08-31 18:54 <DIR> d-------- C:\DOCUME~1\rackun\APPLIC~1\Sports Interactive
2007-08-17 23:07 <DIR> d-------- C:\Program Files\Winamp
2007-08-17 22:18 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-17 22:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-17 22:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-17 12:20 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-08-17 12:18 <DIR> d-------- C:\Program Files\WIZET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 01:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 23:56 --------- d-------- C:\Program Files\JY007-II
2007-09-12 14:05 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\OpenOffice.org2
2007-08-31 18:53 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-15 15:57 --------- d-------- C:\Program Files\ImgBurn
2007-08-15 14:36 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\ImgBurn
2007-08-08 22:30 --------- d-------- C:\Program Files\BitComet
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 15:59 --------- d-------- C:\Program Files\Microsoft.NET
2007-07-26 15:59 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-26 02:27 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\Real
2007-07-18 19:26 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\Media Player Classic
2007-07-18 19:25 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-18 19:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-07-18 18:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-17 22:14 --------- d-------- C:\Program Files\Sports Interactive
2007-07-17 22:13 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-17 22:10 --------- d-------- C:\Program Files\DAEMON Tools
2007-07-17 22:04 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-17 18:30 --------- d-------- C:\Program Files\MSN Messenger
2007-07-17 15:55 --------- d-------- C:\Program Files\ChineseGamer
2007-07-17 15:42 --------- d-------- C:\Program Files\OpenOffice.org 2.0
2007-07-17 15:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-17 15:24 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\Comodo
2007-07-17 15:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-17 15:18 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-17 15:18 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-17 15:07 --------- d-------- C:\Program Files\Broadcom
2007-07-17 15:06 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-07-17 15:06 --------- d-------- C:\Program Files\AvRack
2007-07-17 15:05 --------- d-------- C:\Program Files\Intel
2007-07-17 14:59 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
1997-10-24 13:20 25088 --a------ C:\WINDOWS\inf\regl3acm.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CCAA042-870E-4347-81C8-8E4ADFCD5362}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:32]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 02:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-07 03:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

R3 Dot4 HPH11;Dot4 HPH11;C:\WINDOWS\system32\DRIVERS\hphid411.sys
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;C:\WINDOWS\system32\DRIVERS\hphipr11.sys
R3 Dot4Usb HPH11;Dot4Usb HPH11;C:\WINDOWS\system32\drivers\hphius11.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 20:09:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-17 20:10:26
C:\ComboFix-quarantined-files.txt ... 2007-09-17 20:10
C:\ComboFix2.txt ... 2007-09-17 19:53
C:\ComboFix3.txt ... 2007-09-17 19:50
.
--- E O F ---
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Post by rackun » September 17th, 2007, 8:13 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 08:12:14, on 2007/9/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7CCAA042-870E-4347-81C8-8E4ADFCD5362} - C:\WINDOWS\system32\awvtu.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4657815733
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5987 bytes
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Post by Kairis » September 17th, 2007, 1:25 pm

Thanks for the logs.
Let's continue:
Check that combofix.exe is on your Desktop
Then open Notepad: press Start->Run, type notepad and click OK
Copy/paste the contents of the below code box into Notepad:
Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CCAA042-870E-4347-81C8-8E4ADFCD5362}] 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu] 

File:: 

C:\WINDOWS\system32\sptll.dll 

Folder::

C:\VundoFix Backups 

Save this to your Desktop as CFScript.txt
Image
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Next:

After you have completed the above, please provide:
* Combofix log (C:\Combofix.txt)
* new HijackThis log
* description of any problems you are having with your PC
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland
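
A triage sketch for the HijackThis logs in this thread, relating to the "Vundo infection is still there" reply and to the Registry:: section of the CFScript above. It is an added example, not part of any poster's reply and not code from HijackThis, VundoFix or ComboFix. It flags DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20), and separates those whose file is still present from leftover registry entries marked "(file missing)". The log excerpts are copied from the posts above; the function names and the dual-registration heuristic are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# O2/O20 excerpts copied from the HijackThis logs posted in this thread
# (most legitimate entries trimmed for brevity).
LOG_AFTER_VUNDOFIX = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\qomjkih.dll
O2 - BHO: (no name) - {7CCAA042-870E-4347-81C8-8E4ADFCD5362} - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: qomjkih - C:\WINDOWS\SYSTEM32\qomjkih.dll
"""

LOG_AFTER_COMBOFIX = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7CCAA042-870E-4347-81C8-8E4ADFCD5362} - C:\WINDOWS\system32\awvtu.dll (file missing)
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll (file missing)
"""

# "<section> - <label> - <drive path>[ (file missing)]". The label is matched
# lazily up to the first " - X:\" so that a path which itself contains " - "
# (the Spybot folder) is kept whole.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<label>.*?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing>\s+\(file missing\))?$"
)


def parse_entries(log_text):
    """Parse HijackThis 'O' lines that end in a file path."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "section": m.group("section"),
                "label": m.group("label"),
                "path": m.group("path"),
                "missing": bool(m.group("missing")),
            })
    return entries


def triage(log_text):
    """Group DLLs that are registered under both O2 and O20.

    'live'     : file still on disk, so the DLL still loads at logon and in IE
    'orphaned' : HijackThis reports '(file missing)'; only registry keys remain
    Paths are compared case-insensitively (system32 vs SYSTEM32).
    """
    sections = defaultdict(set)
    missing = {}
    for e in parse_entries(log_text):
        key = e["path"].lower()
        sections[key].add(e["section"])
        missing[key] = missing.get(key, False) or e["missing"]

    result = {"live": [], "orphaned": []}
    for key in sorted(sections):
        if {"O2", "O20"} <= sections[key]:
            result["orphaned" if missing[key] else "live"].append(key)
    return result


if __name__ == "__main__":
    for name, log in (("after VundoFix", LOG_AFTER_VUNDOFIX),
                      ("after ComboFix", LOG_AFTER_COMBOFIX)):
        report = triage(log)
        print(name)
        for state in ("live", "orphaned"):
            for path in report[state]:
                print(f"  {state:9} {ntpath.basename(path)}")
```

On these excerpts the second log still has one live dual-registered DLL, while the third has only the orphaned awvtu.dll keys, which are the two keys the CFScript's Registry:: section deletes.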

Post by rackun » September 17th, 2007, 5:28 pm

ComboFix 07-09-17.2 - "rackun" 2007-09-18 5:21:12.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.844 [GMT 8:00]
Command switches used :: C:\Documents and Settings\rackun\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\sptll.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\utvwa.bak1.bad
C:\VundoFix Backups\utvwa.bak2.bad
C:\VundoFix Backups\utvwa.ini.bad
C:\WINDOWS\system32\sptll.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))
.

2007-09-17 19:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 22:05 <DIR> d-------- C:\Program Files\IrfanView
2007-09-15 18:00 <DIR> d-------- C:\Program Files\a-squared Free
2007-09-15 17:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-15 01:21 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-09-15 01:21 <DIR> d-------- C:\spywarebegone
2007-09-15 01:00 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2007-09-15 00:54 <DIR> d-------- C:\Program Files\FBM Software
2007-09-14 02:06 <DIR> d-------- C:\WINDOWS\pss
2007-09-14 01:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-14 01:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-14 01:21 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-09-14 01:21 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-14 01:21 <DIR> d-------- C:\Program Files\DAP
2007-09-14 01:13 12,290,511 --------- C:\AVG7QT.DAT
2007-09-13 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-31 18:54 <DIR> d-------- C:\DOCUME~1\rackun\APPLIC~1\Sports Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 22:01 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\OpenOffice.org2
2007-09-15 01:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 23:56 --------- d-------- C:\Program Files\JY007-II
2007-09-13 08:11 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-31 18:53 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-17 23:08 --------- d-------- C:\Program Files\Winamp
2007-08-17 12:18 --------- d-------- C:\Program Files\WIZET
2007-08-15 15:57 --------- d-------- C:\Program Files\ImgBurn
2007-08-15 14:36 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\ImgBurn
2007-08-08 22:30 --------- d-------- C:\Program Files\BitComet
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 15:59 --------- d-------- C:\Program Files\Microsoft.NET
2007-07-26 15:59 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-26 02:27 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\Real
2007-07-18 19:26 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\Media Player Classic
2007-07-18 19:25 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-18 19:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-07-18 18:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-07-17 22:14 --------- d-------- C:\Program Files\Sports Interactive
2007-07-17 22:13 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-17 22:10 --------- d-------- C:\Program Files\DAEMON Tools
2007-07-17 22:04 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-17 18:30 --------- d-------- C:\Program Files\MSN Messenger
2007-07-17 15:55 --------- d-------- C:\Program Files\ChineseGamer
2007-07-17 15:42 --------- d-------- C:\Program Files\OpenOffice.org 2.0
2007-07-17 15:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-17 15:24 --------- d-------- C:\DOCUME~1\rackun\APPLIC~1\Comodo
2007-07-17 15:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-17 15:18 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-17 15:18 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-17 15:07 --------- d-------- C:\Program Files\Broadcom
2007-07-17 15:06 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-07-17 15:06 --------- d-------- C:\Program Files\AvRack
2007-07-17 15:05 --------- d-------- C:\Program Files\Intel
2007-07-17 14:59 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
1997-10-24 13:20 25088 --a------ C:\WINDOWS\inf\regl3acm.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:32]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 02:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-07 03:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

R3 Dot4 HPH11;Dot4 HPH11;C:\WINDOWS\system32\DRIVERS\hphid411.sys
R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11;C:\WINDOWS\system32\DRIVERS\hphipr11.sys
R3 Dot4Usb HPH11;Dot4Usb HPH11;C:\WINDOWS\system32\drivers\hphius11.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 05:24:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 5:25:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 05:25
C:\ComboFix2.txt ... 2007-09-17 20:10
C:\ComboFix3.txt ... 2007-09-17 19:53
.
--- E O F ---
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Unread postby rackun » September 17th, 2007, 5:28 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 05:26:53, on 2007/9/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4657815733
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5890 bytes
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Unread postby Kairis » September 19th, 2007, 1:40 am

Once again. Better be safe than sorry.

Please download ATF Cleaner
-¤- Double-click ATF-Cleaner.exe to run the program.
-¤- Under Main choose: Select All
-¤- Click the Empty Selected button.
If you use Firefox browser
-¤- Click Firefox at the top and choose: Select All
-¤- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
-¤- Click Opera at the top and choose: Select All
-¤- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
-¤- Click Exit on the Main menu to close the program.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference:
AVG Anti-Spyware only works on Windows 2000 and Windows XP (32-Bit)
Download AVG Anti-Spyware 7.5 and save that file to your desktop.

  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.

    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"

    * Un-Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping
    the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on
    your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the
    AVG Anti-Spyware report scan and a new HijackThis log, thanks.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Unread postby rackun » September 19th, 2007, 3:14 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 03:06:29, on 2007/9/19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4657815733
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6148 bytes
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am

Unread postby rackun » September 19th, 2007, 3:26 am

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 下午 03:02:53 2007/9/19

+ Scan result:



:mozilla.190:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.37:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.70:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.71:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.73:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.76:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.77:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.120:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.121:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.108:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.109:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.111:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.112:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.268:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.269:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.270:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.38:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.41:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.516:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.258:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.162:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.163:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.164:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.271:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.272:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.85:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.86:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.87:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.88:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.89:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.90:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.91:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.92:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.93:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.94:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.95:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.96:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.62:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.166:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.167:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.168:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.169:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.170:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.171:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.54:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.60:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.61:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.600:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.115:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.116:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.117:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.118:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.119:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.214:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.224:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.140:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.141:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.551:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.552:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.260:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.15:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.16:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.17:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.217:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.218:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.161:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.620:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.201:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.202:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.203:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.204:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.205:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.206:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.207:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.228:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.229:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.187:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.188:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.246:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.247:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.254:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.255:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.236:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.237:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.238:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.239:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.240:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.241:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.230:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.231:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.232:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.233:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.125:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.189:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.549:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.276:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.156:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.157:C:\Documents and Settings\rackun\Application Data\Mozilla\Firefox\Profiles\0ad61fjo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
rackun
Active Member
 
Posts: 11
Joined: September 15th, 2007, 5:22 am