  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status: Not open for further replies.
1 - 20 of 28 Posts

Registered · 17 Posts · Discussion Starter · #1
If anyone can help I'd appreciate it. Seems that my laptop is infected and showing the typical symptoms... popups and attempted access (blocked via s/w firewall). Please help me understand what steps to take.

Appreciate your help.
 

Retired Moderator · 72,109 Posts
Hi, Welcome to TSG!!

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Registered · 17 Posts · Discussion Starter · #3
Appreciate the quick reply.

Logfile of HijackThis v1.99.1
Scan saved at 7:27:29 AM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: %ur|
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\ychkhpgu.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

Retired Moderator · 72,109 Posts
Download the Hoster and unzip it to your desktop.
www.funkytoad.com/download/hoster.zip
Next, open the Hoster
Make sure that you see "Your hosts file is editable" if not click the button in the upper right corner.
Now, click on 'back up Host files'
then click on 'Restore Microsoft's original host files'
Finally, close the hoster.

Download this tool
http://www.mvps.org/winhelp2002/DelDomains.inf
Right click on the file and choose install.

Run HJT again and put a check in the following:

O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\ychkhpgu.dll",setvm
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab

Close all applications and browser windows before you click "fix checked".

Click Here and download Killbox and save it to your desktop.

Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\WINDOWS\System32\CSRSSW.EXE
C:\WINDOWS\System32\ychkhpgu.dll
C:\Program Files\VSAdd-in


Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended" tab and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
 
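The entries the moderator ticked in post #4 follow from a handful of rules that anyone reading HijackThis logs applies: an O3 toolbar whose DLL is "(no file)" is an orphan, an O4 Run key that has rundll32 load an eight-random-letter DLL from System32 is a Vundo/ConHook-style loader, CSRSSW.EXE borrows a system process name, the O13 prefixes route typed addresses through a third-party host, the O15 Trusted Zone and Trusted IP entries were planted by rogue "antivirus" installers, and the O16 DPF line is the ActiveX installer for one of them. The script below is an added example written for this thread, not HijackThis code and not a tool the forum uses; it encodes those rules and runs them over a constructed subset of the log from post #3. The allowlist of ActiveX download hosts, the random-name regex and the system-process name list are assumptions chosen for illustration, not authoritative lists.

```python
"""Heuristic triage of HijackThis (HJT) log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the log posted in #3 above.
SAMPLE_LOG = r"""
O1 - Hosts: %ur|
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\ychkhpgu.dll",setvm
O4 - HKCU\..\Run: [CSRSSW] C:\WINDOWS\System32\CSRSSW.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O13 - DefaultPrefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted IP range: http://202.67.220.225
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""


@dataclass
class Finding:
    section: str
    line: str
    action: str   # "fix" = tick it in HJT; "review" = stale or odd, not malware by itself
    reason: str


ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# Assumption: Vundo/ConHook-style loaders use 8 random lowercase letters; vendor files
# almost always carry mixed case or a recognisable word (SynTPLpr.exe is not matched).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
SYSTEM_PROCESS_STEMS = ("csrss", "smss", "lsass", "svchost", "winlogon", "services")
# Assumed allowlist of hosts from which an O16 ActiveX install is expected.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com", "java.com", "sun.com")


def first_token(cmd: str) -> str:
    """Executable path of a Run-key command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def basename(path: str) -> str:
    return re.split(r"[\\/]", path.strip().strip('"'))[-1]


def rule_o1(body):
    return ("fix", "non-default HOSTS entry; hijackers use it to redirect vendor and update domains")


def rule_o3(body):
    if body.endswith("(no file)"):
        return ("fix", "toolbar CLSID whose DLL is gone: orphan left by removed adware")
    return None


def rule_o4(body):
    cmd = body.partition("] ")[2]
    exe = basename(first_token(cmd))
    stem = exe.lower().rsplit(".", 1)[0]
    if stem == "rundll32":
        m = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', cmd, re.I)
        dll = basename(m.group(1) or m.group(2)) if m else ""
        if RANDOM_NAME_RE.match(dll):
            return ("fix", f"rundll32 loads {dll}: random-named DLL, the usual Vundo/ConHook loader")
        return None
    if RANDOM_NAME_RE.match(exe):
        return ("fix", f"{exe}: random-named executable started from a Run key")
    if any(stem.startswith(p) and stem != p for p in SYSTEM_PROCESS_STEMS):
        return ("fix", f"{exe} imitates a Windows system process name")
    return None


def rule_o13(body):
    value = body.partition(":")[2].strip()
    if value:
        return ("fix", f"URL prefix hijack: addresses typed without a scheme go through {value}")
    return ("fix", "IE URL prefix blanked (HJT lists O13 only when the default was altered)")


def rule_o15(body):
    return ("fix", "origin added to the IE Trusted zone, which lowers IE security for it; rogue AV installers add these")


def rule_o16(body):
    url = body.rsplit(" - ", 1)[-1].strip()
    host = urlparse(url).hostname or ""
    if any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES):
        return None
    return ("fix", f"ActiveX installer downloaded from {host}")


def rule_o23(body):
    if "(file missing)" in body:
        return ("review", "service registered for a binary that no longer exists; stale, not malware by itself")
    return None


RULES = {"O1": rule_o1, "O3": rule_o3, "O4": rule_o4, "O13": rule_o13,
         "O15": rule_o15, "O16": rule_o16, "O23": rule_o23}


def triage(log_text: str) -> list:
    """Apply the per-section rules to every recognised HJT line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rule = RULES.get(m.group("sec"))
        verdict = rule(m.group("body")) if rule else None
        if verdict:
            findings.append(Finding(m.group("sec"), line, *verdict))
    return findings


def fix_list(log_text: str) -> list:
    """Lines to tick in HJT before 'Fix checked', in log order."""
    return [f.line for f in triage(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section:4} {f.reason}\n         {f.line}")
```

Run as is, it prints nine "fix" lines matching the moderator's checklist (the O3 orphan, both O4 entries, the O13 pair, the two O15 origins, the O16 cab and the O1 hosts line) plus one "review" note for the stale rpcapd service, while leaving the Norton toolbar, the Synaptics driver and Messenger alone. The rules are deliberately narrow: a real triage still reads every line, and an O15 or O16 entry can be legitimate on a machine that uses a corporate intranet or a vendor's ActiveX updater.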

Registered · 17 Posts · Discussion Starter · #5
Thanks.

I was unable to delete C:\WINDOWS\System32\CSRSSW.EXE , Killbox would not allow me to paste. Everything else went per your instructions.

Here is the AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:33:02 AM 1/16/2007

+ Scan result:



C:\temp\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1811DDD-4447-407E-94BB-1862EAE864D1}\RP607\A0100723.EXE -> Adware.Background : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WTLBAss.VDOMP\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\stoolbd.dll -> Adware.FastLook : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\VSToolbar\VSToolBar.dll -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pijovylf.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\scdbbryn.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\java\classes\nifoars.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vtstt.dll -> Downloader.ConHook.q : Cleaned with backup (quarantined).
C:\bla.exe -> Downloader.Small.aaq : Cleaned with backup (quarantined).
C:\cleol23oad.exe -> Hijacker.Small.ma : Cleaned with backup (quarantined).
C:\medsload.exe -> Hijacker.Small.ma : Cleaned with backup (quarantined).
C:\WINDOWS\WTLBUI.exe -> Hijacker.StartPage.ig : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jvrmbwcj.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rdqxpmuj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmmgcdtu.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.104:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.103:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.105:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.111:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.112:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.53:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.49:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.79:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.81:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.192:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.193:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.194:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.195:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.52:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.92:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.93:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.142:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.143:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.144:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.145:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.146:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.140:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.141:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.107:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.109:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.110:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.133:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.134:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.135:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.136:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.137:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.138:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.139:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.100:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.101:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.102:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.82:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.83:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.84:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.85:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.86:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.88:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.91:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.94:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.95:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.96:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.97:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.98:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.99:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.224:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.225:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.226:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.227:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.228:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.229:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.X10 : Cleaned.
:mozilla.168:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.169:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.170:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.171:C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\geoemgyx.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brxynkfc.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kowspxpj.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mvluocnc.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nixqodme.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).


::Report end
 

Registered · 17 Posts · Discussion Starter · #9
Lots of crap running on this computer. Guess that's what happens when 4 people use it regularly.

Logfile of HijackThis v1.99.1
Scan saved at 10:49:59 PM, on 1/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\nmjfvwle.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

Retired Moderator · 72,109 Posts
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 

Registered · 17 Posts · Discussion Starter · #11
Logfile of HijackThis v1.99.1
Scan saved at 9:21:17 PM, on 1/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Real\REALPL~1\trueplay.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

Registered · 17 Posts · Discussion Starter · #12
VundoFix V6.3.2

Checking Java version...

Java version is 1.4.2.3

Scan started at 9:09:53 PM 1/25/2007

Listing files found while scanning....

C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\java\classes\nifoars.dll
C:\WINDOWS\java\classes\sraofin.bak1
C:\WINDOWS\java\classes\sraofin.bak2
C:\WINDOWS\java\classes\sraofin.ini
C:\WINDOWS\java\classes\sraofin.tmp
C:\WINDOWS\System32\alrwberq.dll
C:\WINDOWS\system32\bajpcuik.dll
C:\WINDOWS\System32\brxynkfc.dll
C:\WINDOWS\system32\cpkcrxwu.dll
C:\WINDOWS\system32\elwvfjmn.ini
C:\WINDOWS\system32\fckhnnlo.dll
C:\WINDOWS\System32\gadabspx.dll
C:\WINDOWS\system32\gjygaqnp.dll
C:\WINDOWS\system32\khnelfeg.dll
C:\WINDOWS\System32\kowspxpj.dll
C:\WINDOWS\System32\mvluocnc.dll
C:\WINDOWS\system32\nmjfvwle.dll
C:\WINDOWS\System32\pndiujjj.dll
C:\WINDOWS\system32\qgsxgtic.exe

Beginning removal...

Attempting to delete C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Trena\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.bak1
C:\WINDOWS\java\classes\sraofin.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.bak2
C:\WINDOWS\java\classes\sraofin.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.ini
C:\WINDOWS\java\classes\sraofin.ini Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\sraofin.tmp
C:\WINDOWS\java\classes\sraofin.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\alrwberq.dll
C:\WINDOWS\System32\alrwberq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bajpcuik.dll
C:\WINDOWS\system32\bajpcuik.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cpkcrxwu.dll
C:\WINDOWS\system32\cpkcrxwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\elwvfjmn.ini
C:\WINDOWS\system32\elwvfjmn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fckhnnlo.dll
C:\WINDOWS\system32\fckhnnlo.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\gadabspx.dll
C:\WINDOWS\System32\gadabspx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjygaqnp.dll
C:\WINDOWS\system32\gjygaqnp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khnelfeg.dll
C:\WINDOWS\system32\khnelfeg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmjfvwle.dll
C:\WINDOWS\system32\nmjfvwle.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\pndiujjj.dll
C:\WINDOWS\System32\pndiujjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgsxgtic.exe
C:\WINDOWS\system32\qgsxgtic.exe Has been deleted!

Performing Repairs to the registry.
Done!
 

Registered · 17 Posts · Discussion Starter · #14
Logfile of HijackThis v1.99.1
Scan saved at 7:26:41 PM, on 1/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Real\REALPL~1\trueplay.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

Retired Moderator · 72,109 Posts
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)

Close all applications and browser windows before you click "fix checked".

Restart the machine.

Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

Post a new HiJack This log along with the results from ActiveScan.
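The selection above (orphaned BHOs and IE buttons, a Winlogon Notify entry whose DLL is gone, an O16 object with no download source, and one BHO still present under a random eight-letter name in System32) can be reproduced mechanically. The Python below is an added example, not part of the original thread and not part of HijackThis; it applies those heuristics to entries copied from the log in post #14. The reason labels, the eight-lowercase-letter naming rule, the choice of which sections to scan for it, and the decision to keep missing-binary services out of the fix list are this example's own assumptions.

```python
import re
from typing import List, Tuple

# Entries copied from the HijackThis 1.99.1 log in post #14 above (not constructed).
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205832CF-C341-41B5-93E8-E4AB0490A9EB} - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\gadabspx.dll (file missing)
O2 - BHO: VDOMP Class - {A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3} - C:\WINDOWS\wtlbass32.dll (file missing)
O2 - BHO: (no name) - {AD96D758-4A9D-4299-9BF2-7783F377BFB6} - C:\WINDOWS\System32\cvmcijhb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (file missing) (HKCU)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: nifoars - C:\WINDOWS\java\classes\nifoars.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
MISSING = re.compile(r"\((?:file missing|no file)\)")
# Drive-letter path up to the first PE image extension in the entry.
IMAGE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ocx)\b", re.I)
# Naming pattern of the Vundo/Virtumonde files in this thread: eight lowercase letters.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(?:dll|exe)$")
# Hook sections whose orphaned entries go straight onto the HJT fix list (assumption).
HOOK_SECTIONS = {"O2", "O9", "O20"}
# Load points checked for the random-name pattern; O23 is left out on purpose (see note).
RANDOM_NAME_SECTIONS = {"O2", "O4", "O20"}


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, entry) pairs, in log order, for entries a reviewer should look at."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in HOOK_SECTIONS and MISSING.search(body):
            findings.append(("orphaned_hook", line))           # load point, target file gone
        elif section == "O23" and MISSING.search(body):
            findings.append(("service_missing_binary", line))  # service, handled separately
        elif section == "O16" and re.search(r"\)\s*-$", body):
            findings.append(("dpf_without_source", line))      # DPF object with no download URL
        elif section in RANDOM_NAME_SECTIONS:
            img = IMAGE.search(body)
            if (img and "\\system32\\" in img.group(0).lower()
                    and RANDOM_NAME.match(img.group(0).rsplit("\\", 1)[-1])):
                findings.append(("random_name_system32", line))
    return findings


def fix_list(findings: List[Tuple[str, str]]) -> List[str]:
    """Entries to tick in HJT before 'fix checked'; services are excluded."""
    return [entry for reason, entry in findings if reason != "service_missing_binary"]


if __name__ == "__main__":
    found = triage(HJT_LOG)
    for reason, entry in found:
        print(f"{reason:24} {entry}")
    manual = len(found) - len(fix_list(found))
    print(f"\n{len(fix_list(found))} entries for HJT, {manual} for manual follow-up")
```

On this input the fix list comes out as the eleven entries the moderator ticked; the only other hit is the rpcapd service with its missing binary, which the moderator's list also left alone. Run against the post #16 log (after the fix) the same code reports only that service. The eight-letter rule is deliberately not applied to O23: wltrysvc.exe, the Broadcom wireless utility service in this log, matches it, which is why the output is a review list for a human and not something to feed into a removal tool unread.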
 

Registered · 17 Posts · Discussion Starter · #16
Logfile of HijackThis v1.99.1
Scan saved at 8:37:43 PM, on 1/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPointsToolbarHelper Class - {5C2073DD-2ED6-4FF9-80D1-543F720043A9} - C:\Program Files\MyPoints Visual Search\snapbar1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MyPoints Visual Search - {E92BEFBA-E79D-4F41-9733-68DA49C4492B} - C:\Program Files\MyPoints Visual Search\snapbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

Registered · 17 Posts · Discussion Starter · #17
Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected]****s[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo
 

Registered · 17 Posts · Discussion Starter · #18
Continued from above
================
Not disinfected C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
Hacktool:Exploit/Mhtredir.T Not disinfected C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\VISZ71WD\hp2[1].htm
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Trena\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-6d21c39a.zip[javainstaller/InstallerApplet.class]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.adrevolver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Trena\Application Data\Mozilla\Profiles\curt\3jllfngc.slt\cookies.txt[.questionmarket.com/]
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\alrwberq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\bajpcuik.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cpkcrxwu.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fckhnnlo.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\gjygaqnp.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\khnelfeg.dll.bad
Adware:Adware/Alexa-Toolbar Not disinfected C:\VundoFix Backups\pndiujjj.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\qgsxgtic.exe.bad
Adware:Adware/TopRebates Not disinfected C:\WINDOWS\Downloaded Program Files\MyPointsPointAlert_InstallSilent.inf
Adware:Adware/TopRebates Not disinfected C:\WINDOWS\Downloaded Program Files\UpromiseRemindU_InstallSilent.inf
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ayqvcblv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\aytoquco.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\cuppgkwp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\dhqeoqek.dll
Adware:Adware/Henbang Not disinfected C:\WINDOWS\system32\dumvmwsn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gfgffssa.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\klmledwj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\kxckolow.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pboitlst.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vbcovqcp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vxdbwbww.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wttpmuwo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xclxohld.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ydapslht.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\yksvanfk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ysvoidba.dll
 

Retired Moderator · 72,109 Posts
Clear your java cache as described here: http://www.java.com/en/download/help/5000020300.xml

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy the entire contents of the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\Downloaded Program Files\UpromiseRemindU_InstallSilent.inf
C:\WINDOWS\Downloaded Program Files\MyPointsPointAlert_InstallSilent.inf
C:\WINDOWS\system32\ayqvcblv.dll
C:\WINDOWS\system32\aytoquco.dll
C:\WINDOWS\system32\cuppgkwp.dll
C:\WINDOWS\system32\dhqeoqek.dll
C:\WINDOWS\system32\dumvmwsn.dll
C:\WINDOWS\system32\gfgffssa.dll
C:\WINDOWS\system32\klmledwj.dll
C:\WINDOWS\system32\kxckolow.dll
C:\WINDOWS\system32\pboitlst.dll
C:\WINDOWS\system32\vbcovqcp.dll
C:\WINDOWS\system32\vxdbwbww.dll
C:\WINDOWS\system32\wttpmuwo.dll
C:\WINDOWS\system32\xclxohld.dll
C:\WINDOWS\system32\ydapslht.exe
C:\WINDOWS\system32\yksvanfk.dll
C:\WINDOWS\system32\ysvoidba.dll

Folders to delete:
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\VISZ71WD
C:\Program Files\MyWay

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

VundoFix has been updated. Delete the one you have and download it again.
Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.

Download (save) combofix from one of these two sites:
Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please copy/paste the following in your next reply:
c:\avenger.txt
hijackthis log
C:\vundofix.txt
log from combofix.
 

·
Registered
Joined
·
17 Posts
Discussion Starter · #20 ·
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gsduuaoo

*******************

Script file located at: \??\C:\WINDOWS\keyvapsh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Downloaded Program Files\UpromiseRemindU_InstallSilent.inf deleted successfully.
File C:\WINDOWS\Downloaded Program Files\MyPointsPointAlert_InstallSilent.inf deleted successfully.
File C:\WINDOWS\system32\ayqvcblv.dll deleted successfully.
File C:\WINDOWS\system32\aytoquco.dll deleted successfully.
File C:\WINDOWS\system32\cuppgkwp.dll deleted successfully.
File C:\WINDOWS\system32\dhqeoqek.dll deleted successfully.
File C:\WINDOWS\system32\dumvmwsn.dll deleted successfully.
File C:\WINDOWS\system32\gfgffssa.dll deleted successfully.
File C:\WINDOWS\system32\klmledwj.dll deleted successfully.
File C:\WINDOWS\system32\kxckolow.dll deleted successfully.
File C:\WINDOWS\system32\pboitlst.dll deleted successfully.
File C:\WINDOWS\system32\vbcovqcp.dll deleted successfully.
File C:\WINDOWS\system32\vxdbwbww.dll deleted successfully.
File C:\WINDOWS\system32\wttpmuwo.dll deleted successfully.
File C:\WINDOWS\system32\xclxohld.dll deleted successfully.
File C:\WINDOWS\system32\ydapslht.exe deleted successfully.
File C:\WINDOWS\system32\yksvanfk.dll deleted successfully.
File C:\WINDOWS\system32\ysvoidba.dll deleted successfully.
Folder C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\VISZ71WD deleted successfully.
Folder C:\Program Files\MyWay deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
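As an added check, the script below (example code, not part of the thread or of The Avenger itself) reconciles an Avenger "Files to delete" / "Folders to delete" script like the one posted above against the avenger.txt log it produced, so that any requested entry the log never confirms as deleted stands out for a second look. The script and log formats are assumed from the posts above; the sample inputs are constructed.

```python
# Reconcile an Avenger "Files/Folders to delete" script against the log it
# produced. Added example, not part of the thread or of The Avenger; it assumes
# the plain-text formats shown above ("Files to delete:" / "Folders to delete:"
# headers, one path per line; log lines "File <path> deleted successfully.").
import re

SECTION_KIND = {"files to delete:": "File", "folders to delete:": "Folder"}
LOG_RE = re.compile(r"^(File|Folder) (.+?) deleted successfully\.$")

def _key(kind, path):
    # Windows path lookup is case-insensitive, so compare paths that way.
    return (kind, path.rstrip("\\").lower())

def parse_script(text):
    """Return [(kind, path)] in script order; kind is 'File' or 'Folder'."""
    entries, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() in SECTION_KIND:
            kind = SECTION_KIND[line.lower()]
        elif line and kind is not None:
            entries.append((kind, line))
    return entries

def parse_log(text):
    """Return the normalised (kind, path) keys the log reports as deleted."""
    done = set()
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if m:
            done.add(_key(m.group(1), m.group(2)))
    return done

def reconcile(script_text, log_text):
    """Return (confirmed, unconfirmed, unexpected): unconfirmed entries were
    requested but never reported deleted; unexpected keys were never requested."""
    requested = parse_script(script_text)
    done = parse_log(log_text)
    confirmed = [e for e in requested if _key(*e) in done]
    unconfirmed = [e for e in requested if _key(*e) not in done]
    unexpected = sorted(done - {_key(*e) for e in requested})
    return confirmed, unconfirmed, unexpected

# Constructed sample: a subset of the thread's script, and a log (path case
# deliberately varied) in which one requested file never shows up as deleted.
SAMPLE_SCRIPT = ("Files to delete:\nC:\\WINDOWS\\system32\\ayqvcblv.dll\n"
                 "C:\\WINDOWS\\system32\\ydapslht.exe\n\nFolders to delete:\n"
                 "C:\\Program Files\\MyWay\n")
SAMPLE_LOG = ("Beginning to process script file:\n\n"
              "File c:\\windows\\system32\\AYQVCBLV.DLL deleted successfully.\n"
              "Folder C:\\Program Files\\MyWay deleted successfully.\n\n"
              "Completed script processing.\n")
```

Running reconcile(SAMPLE_SCRIPT, SAMPLE_LOG) reports ydapslht.exe as unconfirmed, which is exactly the entry a helper would ask the poster to re-check in the next scan log.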
 