Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijack This Log -- Outerinfo


  • This topic is locked This topic is locked
9 replies to this topic

#1 adriana

adriana

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 23 April 2007 - 11:55 AM

hello, i am new to this forum... i just recently was bombarded by pop-up ads and after seeing and deleting "outerinfo" from the add/remove programs list, the problem persisted. upon research, i realized that this was a common problem. i read somewhere i should do a log og hijack this but to me this is just a bunch of words so i would greatly greatly greatly appreciate it if someone could please please please assist me. thankyou sooo much in advance... --adriana

Logfile of HijackThis v1.99.1
Scan saved at 12:49:19 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\bceoxmnm.dll",setvm
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MSWin-1991231035.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...scifi-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MSWin-1991231035.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    Advertisements

Register to Remove


#2 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 23 April 2007 - 12:06 PM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 24 April 2007 - 06:17 AM

Hello :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Rename HijackThis.exe to Scanner.exe !


Post:
- A fresh HijackThis log
- Contents of C:\ComboFix.txt

#4 adriana

adriana

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 24 April 2007 - 07:17 AM

new hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:16:14 AM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\hlohiwcu.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MSWin-1991231035.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...scifi-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MSWin-1991231035.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS












combo fix log






"Owner" - 07-04-24 7:57:47 Service Pack 2
ComboFix 07-04-24.2V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bceoxmnm.dll
C:\WINDOWS\system32\vnxlhcql.dll
C:\WINDOWS\system32\iriiwsvc.dll
C:\WINDOWS\system32\efeca.dll
C:\WINDOWS\system32\hlohiwcu.dll
C:\WINDOWS\system32\awtqopq.dll
C:\WINDOWS\system32\acefe.ini
C:\WINDOWS\system32\moqru.bak1
C:\WINDOWS\system32\moqru.bak2
C:\WINDOWS\system32\moqru.ini
C:\WINDOWS\system32\urqom.dll
C:\WINDOWS\system32\yayvvts.dll
C:\WINDOWS\system32\mnmxoecb.ini
C:\WINDOWS\system32\lqchlxnv.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\w.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\hosts
C:\WINDOWS\secure32.html


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-23 11:46 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\U3
2007-04-23 11:44 4,669 --a------ C:\WINDOWS\lo902519174.exe
2007-04-23 11:43 4,669 --a------ C:\lo902519174.exe
2007-04-10 00:16 <DIR> d-------- C:\Program Files\iTunes
2007-04-10 00:13 <DIR> d-------- C:\Program Files\Apple Software Update
2007-03-30 09:08 <DIR> d--h----- C:\DOCUME~1\Owner\APPLIC~1\Move Networks


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-23 07:47 -------- d-------- C:\Program Files\mirc
2007-04-23 00:10 -------- d-------- C:\Program Files\soulseek-test
2007-04-10 00:16 -------- d-------- C:\Program Files\ipod
2007-04-10 00:15 -------- d-------- C:\Program Files\quicktime
2007-04-04 19:18 -------- d--h----- C:\Program Files\installshield installation information
2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\hlohiwcu.dll [x]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} c:\program files\mcafee\spamkiller\mcapfbho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\bigfix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeadAIM"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09826001-48e5-11da-bf8e-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1019e541-51ec-11da-9c61-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{815a0671-62bc-11da-b957-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 08:05:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 8:07:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-24 08:07

#5 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 25 April 2007 - 08:12 AM

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{1557B435-8242-4686-9AA3-9265BF7525A4}"=-

It should look like this -> Posted Image

Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open HijackThis, Click Do a system scan only, checkmark these. Then close all others windows except HijackThis and press fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\hlohiwcu.dll (file missing)
O4 - Startup: MSWin-1991231035.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MSWin-1991231035.exe


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad
-> copy the following lines into a new document:

@echo off
sc delete "Microsoft IEUpdater2"
exit

Save the document to your desktop as Fix.bat and filetype: All Files
Go to your desktop and run the file Fix.bat and answer yes to any questions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Delete these files: (if found)
C:\WINDOWS\lo902519174.exe
C:\lo902519174.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MSWin-1991231035.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post:
- A fresh HijackThis log
- AVG's log
- Contents of Report.txt

#6 adriana

adriana

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 27 April 2007 - 08:00 AM

thankyou for all of your help thus far. i am at my wits end because this has terribly terribly terribly slowed down my computer!!!

hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:58:45 AM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exe
C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\AOLMediaPlaybackControl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\hggdbxv.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {A1DE93B4-D1A5-42D2-8A32-AE8BBB677502} - C:\WINDOWS\system32\sstut.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\dthtkqik.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\ukrgyiek.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...scifi-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O20 - Winlogon Notify: hggdbxv - hggdbxv.dll (file missing)
O20 - Winlogon Notify: sstut - C:\WINDOWS\system32\sstut.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS




avg logfile

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:35:04 PM 4/25/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqopq.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\yayvvts.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0030309.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0030316.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hggdabb.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hggdbxv.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\w.exe.vir -> Downloader.Agent.aie : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0030303.exe -> Downloader.Agent.aie : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20070425-182534-908-MSWin-1991231035.exe -> Downloader.Murlo.fd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP443\A0030445.exe -> Downloader.Murlo.fd : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP442\A0030301.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-238397636-2059689480-754597021-1003\Dc1.exe -> Downloader.Small.bve : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-238397636-2059689480-754597021-1003\Dc2.exe -> Downloader.Small.bve : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.388:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.391:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.455:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.457:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.463:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.464:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.465:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.466:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.467:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.473:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.474:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.475:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.583:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.546:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.548:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.549:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.578:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.371:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.372:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.373:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.374:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.375:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.376:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.377:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.378:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.574:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.584:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.585:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.586:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.587:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.588:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.599:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.490:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.533:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.534:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.535:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.537:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.538:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.557:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.558:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.559:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.560:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.437:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.438:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.610:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.611:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.612:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.613:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.622:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.623:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.624:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.581:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.582:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.233:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.531:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.532:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.545:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.551:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.552:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.553:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.554:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.591:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.600:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.601:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.602:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.604:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.359:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.386:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.524:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.525:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.526:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.527:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.529:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.530:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.252:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.275:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.276:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.390:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.614:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.615:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.616:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.617:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.618:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.620:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.621:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.519:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.432:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.607:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.494:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.498:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.567:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.568:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.571:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.572:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.573:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.576:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\orc9m3sj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end




reprt.txt -- sdfix


SDFix: Version 1.79

Run by Owner - Wed 04/25/2007 - 21:08:50.36

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\RunOnce2.t__ - Deleted
C:\WINDOWS\system32\RunOnce2.tm_ - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\sstut.dll
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

#7 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 28 April 2007 - 12:33 PM

Hello :)


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Open HijackThis, Click Do a system scan only, checkmark these. Then close all others windows except HijackThis and press fix checked.

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\hggdbxv.dll (file missing)
O2 - BHO: (no name) - {A1DE93B4-D1A5-42D2-8A32-AE8BBB677502} - C:\WINDOWS\system32\sstut.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\dthtkqik.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\ukrgyiek.dll",realset
O20 - Winlogon Notify: hggdbxv - hggdbxv.dll (file missing)
O20 - Winlogon Notify: sstut - C:\WINDOWS\system32\sstut.dll



Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Delete these files: (if found)
C:\WINDOWS\system32\dthtkqik.dll
C:\WINDOWS\system32\ukrgyiek.dll


Reboot in normal mode !


Please Download F-Secure's Blacklight and save it to your desktop.

Doubleclick fsbl.exe, accept the agreement, click Scan, then click Next

You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post:
  • A fresh HijackThis log
  • Contents of C:\vundofix.txt
  • Logfile of Blacklight


#8 adriana

adriana

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 30 April 2007 - 07:01 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:57:53 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\fsbl.exe
C:\Program Files\Hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D319A7-7A85-4745-B308-44348777264E} - C:\WINDOWS\system32\sstut.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {FD5239EB-586A-4FA4-B72D-A1CFD816B268} - C:\WINDOWS\system32\qtmfbsfk.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...jong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.co...scifi-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS






VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 5:38:08 PM 4/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\ecohohdu.dll
C:\WINDOWS\system32\eeavwsdf.dll
C:\WINDOWS\system32\hggdbxv.dll
C:\WINDOWS\system32\sstut.dll
C:\WINDOWS\system32\tutss.bak1
C:\WINDOWS\system32\tutss.bak2
C:\WINDOWS\system32\tutss.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ecohohdu.dll
C:\WINDOWS\system32\ecohohdu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eeavwsdf.dll
C:\WINDOWS\system32\eeavwsdf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstut.dll
C:\WINDOWS\system32\sstut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tutss.bak1
C:\WINDOWS\system32\tutss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tutss.bak2
C:\WINDOWS\system32\tutss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tutss.ini
C:\WINDOWS\system32\tutss.ini Has been deleted!

Performing Repairs to the registry.
Done!






backlight

04/30/07 19:38:26 [Info]: BlackLight Engine 1.0.61 initialized
04/30/07 19:38:26 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/30/07 19:38:26 [Note]: 7019 4
04/30/07 19:38:26 [Note]: 7005 0
04/30/07 19:38:36 [Note]: 7006 0
04/30/07 19:38:36 [Note]: 7011 1188
04/30/07 19:38:37 [Note]: 7026 0
04/30/07 19:38:37 [Note]: 7026 0
04/30/07 19:38:39 [Note]: FSRAW library version 1.7.1021
04/30/07 19:43:30 [Note]: 2000 1012

#9 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 01 May 2007 - 03:04 AM

Hello :)


Open HijackThis, Click Do a system scan only, checkmark these. Then close all others windows except HijackThis and press fix checked.

O2 - BHO: (no name) - {22D319A7-7A85-4745-B308-44348777264E} - C:\WINDOWS\system32\sstut.dll (file missing)
O2 - BHO: (no name) - {FD5239EB-586A-4FA4-B72D-A1CFD816B268} - C:\WINDOWS\system32\qtmfbsfk.dll



Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.

Delete this file: (if found)
C:\WINDOWS\system32\qtmfbsfk.dll



Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Panda online scanner works only with IE!

  • Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.



Post:* A fresh HijackThis log
* The report of the Panda


#10 NonSuch

NonSuch

    MRU Administrator

  • MRU Teachers
  • 298 posts
  • MVP

Posted 08 May 2007 - 11:00 AM

Since this issue appears to be inactive ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
The Importance of Updating Your System

Microsoft MVP - Consumer Security 2006 - 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users