Scan saved at 6:10:44 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmasy\tmasy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:33:57 PM 4/17/2007
+ Scan result:
D:\found.000\dir0000.chk\_restore{97B0DBCF-605D-4333-B466-157A45B5A5B2}\RP20\A0013300.dll -> Adware.Minibug : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@realnetworks.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@sonymediasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@turnersports.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@techrepublic.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@http-mw.edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\BobGod\Cookies\bobgod@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
....
Hosts file was reset, If you use a custom hosts file please replace it
Rustock pe386 is present
Rustock msguard is present
Rustock lzx32 is present
Rustock huy32 is present
»»»»» End report »»»»»
Everything seems to be running fine now, much thanks guys.