IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.

· Registered
Joined
·
11 Posts
Discussion Starter · #1 ·
Started with an msn "worm" ... a link that got clicked and sends that same link to everyone else on your list. Anyways I am unable to update Bitdefender virus scan and unable to go on their website.. I am not sure if I am still sending links out to people on my msn but anyways... Someone tell me what's going on. Thanks.

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM+ Messages - Unknown owner - D:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

· Registered
Joined
·
4,718 Posts
Hello there and welcome to TSG's security forum. :up:
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions.
There is a possibility some of the instructions will need to be carried out where internet access is not available.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and that you don't miss out any steps.
If you have any queries about the process or just general questions, just ask.

You have a Sdbot trojan backdoor infection.
W32/Sdbot-LM is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
It spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.


Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.

Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups.
If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.

How do you make a permanent folder:

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O23 - Service: COM+ Messages - Unknown owner - D:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open hijackthis, click 'config' (bottom right) Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'. In the field, copy and paste the filepath a few lines below.
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes:
D:\WINDOWS\system32\svchosts.exe

After the reboot, Open notepad and copy and paste the following text in the quote box into the window:
sc stop "COM+ Messages"
sc delete "COM+ Messages"
Save this as fix.bat
Choose to save as all files.
This is how the batch must look afterwards:

Doubleclick fix.bat and let the program run.

I have a feeling you have disabled some entries from start up.
Have you used Msconfig to disable start-up programs? Before we continue, please go to:
Start / Run and type msconfig in the 'Run' box. When the System Configuration Utility opens, click on the 'startup' Tab.
Make sure there is a checkmark beside every entry. Do not reboot when asked to by Windows to complete the change.

Download and save Blacklight to your desktop.
Double-click blbeta.exe then accept the agreement.
Click on scan then click next,
You'll see a list of all items found.
Do not choose for rename yet! I want to see the log first; legitimate items can also be present.
There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.
Also post a brand new Hijackthis log and we can move from there.

David
 

· Registered
Joined
·
11 Posts
Discussion Starter · #4 ·
Thanks, I did what you said and this is what I have come up with.

HJT

D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F3 - REG:win.ini: load=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
F3 - REG:win.ini: run=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [winlogon] ?
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: winlogon.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

and blbeta

12/31/06 09:54:56 [Info]: BlackLight Engine 1.0.55 initialized
12/31/06 09:54:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/31/06 09:55:07 [Note]: 7019 4
12/31/06 09:55:07 [Note]: 7005 0
12/31/06 09:55:12 [Note]: 7006 0
12/31/06 09:55:12 [Note]: 7011 1248
12/31/06 09:55:13 [Note]: 7026 0
12/31/06 09:55:14 [Note]: 7026 0
12/31/06 09:55:28 [Note]: FSRAW library version 1.7.1021
12/31/06 10:05:10 [Note]: 7007 0
 

· Registered
Joined
·
46,465 Posts
cY83r [email protected] said:
I am not yet qualified to offer advice on HijackThis logs.

;)
cY83r [email protected],

Your post has been removed. Please see the forum rules regarding replying to security related threads:

http://www.techguy.org/rules.html
Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name. Anyone wishing to participate in a training program should contact a Moderator for more information.
Please refrain from replying to security related matters on this forum until you have presented evidence to one of the mods or admins here that proves you to be qualified to do so. If you are not yet qualified and interested in being trained, we will be glad to help you get enrolled at one of the free online training facilities. Just pm me or one of the other mods that work Security and we'll point you in the right direction.

Thank you for your cooperation :),

Mark
 

· Registered
Joined
·
11 Posts
Discussion Starter · #7 ·
sorry here you go:
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:06:26 AM, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F3 - REG:win.ini: load=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
F3 - REG:win.ini: run=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [winlogon] ?
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: winlogon.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 

· Registered
Joined
·
4,718 Posts
Hello there, let's continue.. :up:

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please Download MsnVirRem.exe to your desktop from here
First close any other programs you have running as this will require a reboot
Double click MsnVirRem.exe to run it
Once open, click the button labelled "Search and Destroy"
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "Reboot" Button.
After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
A Message should popup from MsnVirRem if not, double click the program again and it will finish
Please Post the contents of C:\msnvirrem.log in your next reply.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

F3 - REG:win.ini: load=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
F3 - REG:win.ini: run=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
O4 - HKLM\..\Run: [winlogon] ?
O4 - Startup: winlogon.lnk = ?


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Please find and delete this folder "if present":
D:\WINDOWS\system32\kisjwglzz

Reboot back to normal mode.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

David
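
The entries singled out for fixing in this thread share one trait: each borrows the name of a core Windows process (winlogon.exe inside a random subfolder of system32, svchosts.exe one letter off svchost.exe, a Run value called winlogon). As an added example that is not part of the original posts or of HijackThis, the Python below applies that check to lines copied from the logs posted here; the expected-folder table, the three heuristics and all function names are assumptions chosen for illustration.

```python
import ntpath
import re

# Core Windows processes and the folder (drive stripped, lower case) each is
# expected to load from on an XP-era install. Assumed table for illustration.
EXPECTED_DIR = {
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# A drive-rooted path ending in an executable extension, up to the first quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|?*\r\n]*?\.(?:exe|com|scr)\b', re.I)
# The value name of an O4 Run-key line, e.g. "O4 - HKLM\..\Run: [name] ...".
RUN_VALUE_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\]")


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path):
    """Return a reason string if the path imitates a core process, else None."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(ntpath.splitdrive(path)[1]).lower()
    if name in EXPECTED_DIR:
        if folder != EXPECTED_DIR[name]:
            return "system name in unexpected folder"
        return None
    stem = ntpath.splitext(name)[0]
    for known in EXPECTED_DIR:
        if edit_distance(stem, ntpath.splitext(known)[0]) == 1:
            return "lookalike of " + known
    return None


def analyze(log_text):
    """Return sorted, de-duplicated (reason, item) findings for a HijackThis log."""
    findings = set()
    for line in log_text.splitlines():
        line = line.strip()
        for path in PATH_RE.findall(line):
            reason = check_path(path)
            if reason:
                findings.add((reason, path))
        m = RUN_VALUE_RE.match(line)
        # Core processes are not started from Run keys, so a Run value that
        # carries one of their names is worth a look whatever it points to.
        if m and m.group(1).lower() + ".exe" in EXPECTED_DIR:
            findings.add(("Run value named after a core process", m.group(1)))
    return sorted(findings)


# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
F3 - REG:win.ini: load=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
F3 - REG:win.ini: run=D:\WINDOWS\system32\kisjwglzz\winlogon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [winlogon] ?
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - D:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
"""

if __name__ == "__main__":
    for reason, item in analyze(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

The legitimate smss.exe, winlogon.exe, svchost.exe and Explorer.EXE lines pass because name and folder both match; a match is a prompt for manual review, not proof of infection.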
 

· Registered
Joined
·
11 Posts
Discussion Starter · #9 ·
alright I had a problem downloading msnvirrem.exe it said something about a copy error... also now my virus scan (bitdefender) is picking it up as a virus or something ..

And when I went in safemode that file was not present.

Also when I ran the hijackthis scan. I got the following popup

"For some reason your system denied write access to the hosts file. If any Hijacked domains are in the file, HiJackThis may not be able to fix this.

If that happens you need to edit the file yourself with notepad.
Notepad. "D:\windows\system32\drivers\etc\hosts"

Anyways... here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:14 AM, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\sUBs\ComboFix.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

and the combofix log:

Chris - 07-01-01 11:14:41.47 Service Pack 2
ComboFix 06.11.27 - Running from: "D:\Documents and Settings\Chris\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\WINDOWS\system32\netstat.com
D:\WINDOWS\system32\taskkill.com
D:\Program Files\Inetget2
D:\Program Files\Common Files\{3AD12A89-063A-4105-1101-020201190002}
D:\Program Files\Common Files\{6AD12A89-063A-4105-1101-020201190002}

((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))

2006-12-31 22:04 d-------- D:\Documents and Settings\Chris\Application Data\Google
2006-12-31 22:02 d-------- D:\Program Files\Google
2006-12-31 15:11 12,800 --a------ D:\ieupdate.exe
2006-12-31 00:25 d-------- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-31 00:23 d-------- D:\WINDOWS\system32\PreInstall
2006-12-31 00:22 22,752 --a------ D:\WINDOWS\system32\spupdsvc.exe
2006-12-31 00:22 d--h----- D:\WINDOWS\$hf_mig$
2006-12-31 00:14 d-------- D:\Program Files\Lavasoft
2006-12-30 23:57 d-------- D:\RootkitNO
2006-12-30 23:41 25,773 --a------ D:\WINDOWS\system32\drivers\regguard.sys
2006-12-30 23:30 d-------- D:\Program Files\Ipwindows
2006-12-30 22:55 92,485 --a------ D:\gp.exe
2006-12-30 22:51 d-------- D:\Documents and Settings\Chris\Application Data\Bitdefender
2006-12-30 22:43 d-------- D:\Documents and Settings\All Users\Application Data\BitDefender
2006-12-30 22:42 d-------- D:\Program Files\Softwin
2006-12-30 22:31 d--hs---- D:\Config.Msi
2006-12-30 22:24 d-------- D:\Program Files\Common Files\Softwin
2006-12-30 21:47 d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2006-12-30 21:09 d-------- D:\Documents and Settings\Chris\Application Data\Lavasoft
2006-12-30 19:52 d-------- D:\WINDOWS\system32\SoftwareDistribution
2006-12-30 18:20 d--h----- D:\WINDOWS\PIF
2006-12-30 18:01 d-------- D:\Documents and Settings\All Users\Application Data\Symantec
2006-12-30 17:59 d-------- D:\Program Files\Common Files\Symantec Shared
2006-12-30 17:31 d--hs---- D:\WINDOWS\system32\kisjwglzz

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-01 11:15 -------- d-------- D:\Program Files\Common Files
2006-12-31 22:02 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-12-31 22:01 -------- d---s---- D:\Documents and Settings\Chris\Application Data\Microsoft
2006-12-31 22:01 -------- d-------- D:\Program Files\Common Files\InstallShield
2006-12-31 03:22 -------- d-------- D:\Program Files\Internet Explorer
2006-12-31 03:12 -------- d-------- D:\Program Files\Windows Media Player
2006-12-31 03:04 -------- d-------- D:\Program Files\Outlook Express
2006-12-31 03:04 -------- d-------- D:\Program Files\Common Files\System
2006-12-30 23:25 -------- d-------- D:\Program Files\Messenger
2006-12-07 17:02 2174976 --a------ D:\WINDOWS\system32\wmvcore.dll
2006-11-07 21:06 679424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-10-19 05:56 713216 --a------ D:\WINDOWS\system32\sxs.dll
2006-10-13 04:35 65536 --a------ D:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ D:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ D:\WINDOWS\system32\nwprovau.dll
2006-10-02 05:19 62 --ahs---- D:\Documents and Settings\Chris\Application Data\desktop.ini

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"D:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"winlogon"=""
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BDMCon"="\"D:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"D:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"winlogon"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
"Operation"=dword:00000001
"Target"="\\??\\D:\\PROGRA~1\\IPWIND~1\\IPWINS.EXE"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
"Operation"=dword:00000001
"Target"="D:\\PROGRA~1\\COMMON~1\\{6AD12~1\\UPDATE.EXE"
"Source"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-01-01 11:16:03.20
D:\ComboFix.txt ... 07-01-01 11:16
 

· Registered
Joined
·
4,718 Posts
Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

D:\ieupdate.exe
D:\Program Files\Ipwindows
D:\WINDOWS\system32\kisjwglzz


Open 'file' in the killboxmenu on top and choose Paste from clipboard
You must use the File menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Please open notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"winlogon"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"winlogon"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Please download, install, and update AVG antispyware
Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")
Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.
Click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared. Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button.
AVG antispyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As".
This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close AVG antispyware and reboot!! Please post the log in your next reply.
Also post a new Hijackthis log.
 

· Registered
Joined
·
11 Posts
Discussion Starter · #11 ·
I am unable to download the avg program... When I click on the link my net just does not find the page ... same as the previous program you talked about in the previous post (two posts ago...)
I will do what I am able to do and post the current HJT log.
 

· Registered
Joined
·
11 Posts
Discussion Starter · #12 ·
Also I am having a problem with the copying and pasting of the bold text into the notepad... once I save it and go to open it I get "fix.reg is not a valid win32 application."
 

· Registered
Joined
·
4,718 Posts
Let's try and repair the internet connection:
Go to start > run and type cmd
A DOS window will appear.
Type next in the DOS window: netsh winsock reset
Hit enter and reboot.

Now try the AVG download link again. Does it work?
 

· Registered
Joined
·
4,718 Posts
Does this happen with all websites, or just ones related to security?
I think your hosts file might be blocking these connections...
Please download hoster from here
Unzip Hoster.zip, and open Hoster.exe
Then click on "Restore Microsoft's Hosts File"
Close program when complete.
Now reboot the computer and try the link again, and let me know if it works.
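
The hosts-file check suggested in the post above, as an added example that is not part of the original thread or of the Hoster tool: a small Python audit that lists every non-default mapping in a hosts file and marks the ones that cut off security vendors. The sample file contents, the `WATCHLIST` domains and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread: the stock XP entry plus
# the kind of lines that would make security sites unreachable.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.bitdefender.com  bitdefender.com   # added line
0.0.0.0         www.grisoft.com
203.0.113.7     www.ewido.net
10.0.0.5        fileserver
not-an-ip       broken.example
"""

# Assumed watchlist of vendor domains, matched by suffix.
WATCHLIST = ("bitdefender.com", "grisoft.com", "ewido.net")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        # One line may carry several hostnames for the same address.
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def on_watchlist(name, watchlist=WATCHLIST):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return one finding per mapping other than the default localhost entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other
        # address sends the browser to a different machine.
        effect = "blocked" if (ip.is_loopback or ip.is_unspecified) else "remapped"
        findings.append({
            "line": line_no,
            "host": name,
            "ip": str(ip),
            "effect": effect,
            "security_site": on_watchlist(name, watchlist),
        })
    return findings


def security_hits(findings):
    """Only the findings that affect a watched security domain."""
    return [f for f in findings if f["security_site"]]


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        flag = "SECURITY SITE" if f["security_site"] else "other"
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['effect']}, {flag})")
```

On the machine in this thread the file to read would be D:\windows\system32\drivers\etc\hosts, the path shown in the Hoster error message.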
 

· Registered
Joined
·
11 Posts
Discussion Starter · #16 ·
It only happens to certain sites.. that link and also the bitdefender site for sure..

still nothing but problems.. downloaded that hoster program .. open it up and get a warning pop-up:
"Your hosts file is marked as a "system file" and can NOT be manipulated. Press ok to remove hidden and system attributes."
I clicked ok and get an error pop-up

"Error: Cannot open file D:\windows\system32\drivers\etc\hosts"

Yep so that's all..
 

· Registered
Joined
·
4,718 Posts
Copy the hoster program to your C: drive.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Log in under the administrator account.

Now repeat the instructions from my previous post, do you get an error?
 

· Registered
Joined
·
11 Posts
Discussion Starter · #18 ·
hey no reply from me in a bit but here's the AVG and HJT logs..

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:28:51 PM 11/01/2007

+ Scan result:

C:\System Volume Information\_restore{70536AB7-69C8-4B78-AA77-BC69549E54A7}\RP122\A0070583.exe -> Adware.DealHelper : Cleaned.

::Report end
 

· Registered
Joined
·
11 Posts
Discussion Starter · #19 ·
And HJT

Logfile of HijackThis v1.99.1
Scan saved at 7:54:19 PM, on 11/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

thank you
 