
Please Help, W/ Spyware


13 replies to this topic

#1 Xanderos

Posted 10 May 2007 - 07:16 AM

Hi there, if possible could you please check out my HijackThis log and let me know if there is something that shouldn't be there (spyware, etc.)?

-------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:06:05 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lunke\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O15 - Trusted Zone: *.line6.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--------------------------------------

Start up log.

StartupList report, 5/10/2007, 11:14:46 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Lunke\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lunke\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
High Definition Audio Property Page Shortcut = HDAudPropShortcut.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
WindowsService = rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DAEMON Tools = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
CODEBASE = http://www.fileplane...DC_2.1.2.76.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zon...1/GAME_UNO1.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://scan.safety.l...wlscbase969.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1131100669656

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.micros...b?1131103977500

[MJLauncherCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\mjolauncher.dll
CODEBASE = http://messenger.zon...mjolauncher.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[HGPlugin7USA Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HGPlugin7USA.dll
CODEBASE = http://gamedownload....GPlugin7USA.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zon...ro.cab47946.cab

[HGPlugin9USA Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll
CODEBASE = http://gamedownload....GPlugin9USA.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[WheelofFortune Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WoF.ocx
CODEBASE = http://messenger.zon...oF.cab31267.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zon...wn.cab31267.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

user32.dll = C:\Program Files\Video AX Object\bpmon.exe

--------------------------------------------------

End of report, 8,725 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Thank you for your help.

Kind Regards,
Xander

#2 Markka

Posted 10 May 2007 - 07:47 AM

Hi and welcome to the forums. :) I'm Markka and I will be helping you with your malware issues. I'll check your HijackThis log. Right now I'm an MRU Undergrad; everything that I post to you must be checked by teachers of Malware Removal University. Please be patient. :)

#3 Markka

Posted 10 May 2007 - 08:40 AM

Hello :)


Rename HijackThis.exe to Scanner.exe !

Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.

Go to VirusTotal.
  • Click on the "Browse" button
  • Find this file: C:\windows\system32\dllcache\win32\winlogon.exe
  • Then click on the "open" button
  • Click on the "Send" button
  • Copy/paste the results of VirusTotal into a notepad.
Post:
- A fresh HijackThis log
- The results of VirusTotal
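
Added example (not part of the original posts, and not the helper's own method): a Python sketch of one triage heuristic over HijackThis `O23` service lines, flagging a core Windows process name that runs from an unexpected directory, as with the `winlogon.exe` under `dllcache\win32` that is sent to VirusTotal above. The function names, reason labels and the `C:\WINDOWS` install root are assumptions; the sample lines are copied from the log in post #1, and a flag only prioritises a file for scanning.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM32 = r"c:\windows\system32"

# Core Windows XP process images and the directory each normally runs from.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"

# Sample input: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_o23(line):
    """Split 'O23 - Service: NAME - OWNER - PATH' into (name, owner, path).

    Splitting from the right keeps service names that themselves contain
    ' - ' intact. Returns None for any line that is not an O23 entry.
    """
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return name, owner, path


def review(owner, path):
    """Return (normalised image path, list of reason labels) for one service."""
    reasons = []
    if path.endswith(MISSING):
        reasons.append("file-missing")
        path = path[: -len(MISSING)].strip()
    if owner.lower() == "unknown owner":
        reasons.append("unknown-owner")
    # Keep only the executable: drop quotes and any trailing arguments.
    match = re.match(r'"?(.+?\.exe)', path, re.IGNORECASE)
    image = ntpath.normpath(match.group(1) if match else path).lower()
    directory, base = ntpath.split(image)
    expected = EXPECTED_DIR.get(base)
    if expected is not None and directory != expected:
        reasons.append("system-name-wrong-dir")
    return image, reasons


def review_log(text):
    """Return [(service name, image path, reasons)] for flagged O23 lines."""
    findings = []
    for line in text.splitlines():
        parsed = parse_o23(line)
        if parsed is None:
            continue
        name, owner, path = parsed
        image, reasons = review(owner, path)
        if reasons:
            findings.append((name, image, reasons))
    return findings


def files_to_scan(text):
    """Unique image paths that use a core process name from the wrong directory."""
    return sorted(
        {image for _, image, reasons in review_log(text)
         if "system-name-wrong-dir" in reasons}
    )


if __name__ == "__main__":
    for name, image, reasons in review_log(SAMPLE_LOG):
        print(f"{name}: {image} [{', '.join(reasons)}]")
    print("Submit for scanning:", files_to_scan(SAMPLE_LOG))
```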

#4 Xanderos

Posted 11 May 2007 - 11:10 PM

New hijack this list:

Logfile of HijackThis v1.99.1
Scan saved at 3:09:00 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Lunke\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {70463F38-D83B-46EB-9D18-1B5A5FCAA2AF} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80440127-2315-4464-88B9-7ACB72F43ADB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BEBCBF54-A8B6-4A09-904F-FCD018A77B9E} - (no file)
O2 - BHO: (no name) - {CF9288C9-B7F1-4F59-909D-94FD18E29E40} - C:\WINDOWS\system32\iwojffvj.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\ecogrvae.dll
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O15 - Trusted Zone: *.line6.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnkkig - nnnkkig.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


-----------------------------------

Virus Total log:


Complete scanning result of "winlogon.exe", received in VirusTotal at 05.12.2007, 07:00:25 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.11.2007 no virus found
AntiVir 7.4.0.15 05.11.2007 no virus found
Authentium 4.93.8 05.11.2007 no virus found
Avast 4.7.997.0 05.11.2007 no virus found
AVG 7.5.0.467 05.11.2007 no virus found
BitDefender 7.2 05.12.2007 no virus found
CAT-QuickHeal 9.00 05.11.2007 no virus found
ClamAV devel-20070416 05.12.2007 no virus found
DrWeb 4.33 05.12.2007 no virus found
eSafe 7.0.15.0 05.10.2007 no virus found
eTrust-Vet 30.7.3628 05.11.2007 no virus found
Ewido 4.0 05.11.2007 no virus found
FileAdvisor 1 05.12.2007 No threat detected
Fortinet 2.85.0.0 05.12.2007 Misc/SrvAny
F-Prot 4.3.2.48 05.11.2007 no virus found
F-Secure 6.70.13030.0 05.11.2007 no virus found
Ikarus T3.1.1.7 05.12.2007 Trojan-PWS.Win32.Agent.cq
Kaspersky 4.0.2.24 05.12.2007 no virus found
McAfee 5029 05.11.2007 no virus found
Microsoft 1.2503 05.12.2007 no virus found
NOD32v2 2262 05.12.2007 no virus found
Norman 5.80.02 05.11.2007 no virus found
Panda 9.0.0.4 05.11.2007 no virus found
Prevx1 V2 05.12.2007 no virus found
Sophos 4.17.0 05.11.2007 no virus found
Sunbelt 2.2.907.0 05.12.2007 no virus found
Symantec 10 05.12.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.11.2007 no virus found
VirusBuster 4.3.7:9 05.11.2007 no virus found
Webwasher-Gateway 6.0.1 05.11.2007 no virus found

Aditional Information
File size: 13312 bytes
MD5: c9b18abe9063a33e77f6be81cc8df0c5
SHA1: 88be20fba19ce9462c471f1999410b1c2b511287
Bit9 info: http://fileadvisor.b...7f6be81cc8df0c5

-------------------------------

Thnx

#5 Markka

Posted 12 May 2007 - 02:56 AM

Hello :)

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
************************************************************************
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
************************************************************************

Post:
- A fresh HijackThis log
- Logfile of SmitfraudFix
- Contents of C:\vundofix.txt

#6 Xanderos

Posted 12 May 2007 - 09:31 AM

Hijack This -

Logfile of HijackThis v1.99.1
Scan saved at 1:27:51 AM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lunke\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: (no name) - {70463F38-D83B-46EB-9D18-1B5A5FCAA2AF} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BEBCBF54-A8B6-4A09-904F-FCD018A77B9E} - (no file)
O2 - BHO: (no name) - {CF9288C9-B7F1-4F59-909D-94FD18E29E40} - C:\WINDOWS\system32\iwojffvj.dll (file missing)
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O15 - Trusted Zone: *.line6.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnkkig - nnnkkig.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--------------------------------------------------------

Smitfraud -


SmitFraudFix v2.181

Scan done at 1:29:47.78, Sun 05/13/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\xuoce.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lunke


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lunke\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lunke\FAVORI~1

C:\DOCUME~1\Lunke\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyLocked 3.6\ FOUND !
C:\Program Files\Video AX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{da3b49f6-8c54-4429-a275-21a86dcca413}"="admissibility"

[HKEY_CLASSES_ROOT\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\WINDOWS\system32\xuoce.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\WINDOWS\system32\xuoce.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{743B2A68-A515-4221-8D5D-D0B566E1AD06}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6CE6018-68C4-4580-8DCB-9CED5C384588}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{743B2A68-A515-4221-8D5D-D0B566E1AD06}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6CE6018-68C4-4580-8DCB-9CED5C384588}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{743B2A68-A515-4221-8D5D-D0B566E1AD06}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F6CE6018-68C4-4580-8DCB-9CED5C384588}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


--------------------------------------------------------------


Vundo -


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 1:14:49 AM 5/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\ecogrvae.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ecogrvae.dll
C:\WINDOWS\system32\ecogrvae.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.tmp
C:\WINDOWS\system32\tvvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

#7 Markka

Posted 12 May 2007 - 10:31 AM

Hello :)

Have you created these lines by yourself?
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe


Or can you recognize them?

**************************************************************

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.
**************************************************************

Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
**************************************************************
Post:
- A fresh HijackThis log
- Contents of rapport.txt

#8 Xanderos

Posted 13 May 2007 - 04:38 AM

Firstly, as far as I am aware I did not create or recognise the following lines.

O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

------------------------------------------------------------

Whilst in Safe Mode:

SmitFraud -


SmitFraudFix v2.181

Scan done at 20:20:06.71, Sun 05/13/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{da3b49f6-8c54-4429-a275-21a86dcca413}"="admissibility"

[HKEY_CLASSES_ROOT\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\WINDOWS\system32\xuoce.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}\InProcServer32]
@="C:\WINDOWS\system32\xuoce.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\xuoce.dll -> Hoax.Win32.Renos.gen.l
C:\WINDOWS\system32\xuoce.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\SpyLocked 3.6\ Deleted
C:\Program Files\Video AX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



HiJack This -


Logfile of HijackThis v1.99.1
Scan saved at 8:29:47 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lunke\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {70463F38-D83B-46EB-9D18-1B5A5FCAA2AF} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BEBCBF54-A8B6-4A09-904F-FCD018A77B9E} - (no file)
O2 - BHO: (no name) - {CF9288C9-B7F1-4F59-909D-94FD18E29E40} - C:\WINDOWS\system32\iwojffvj.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O15 - Trusted Zone: *.line6.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnkkig - nnnkkig.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


cheers.

#9 Markka

Posted 13 May 2007 - 12:00 PM

Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

*******************************************************************'
Open HijackThis, click Do a system scan only, and checkmark these entries. Then close all other windows except HijackThis and press Fix checked.

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {70463F38-D83B-46EB-9D18-1B5A5FCAA2AF} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BEBCBF54-A8B6-4A09-904F-FCD018A77B9E} - (no file)
O2 - BHO: (no name) - {CF9288C9-B7F1-4F59-909D-94FD18E29E40} - C:\WINDOWS\system32\iwojffvj.dll (file missing)
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
O15 - Trusted Zone: *.line6.net
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnkkig - nnnkkig.dll (file missing)

*******************************************************************'
Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop NTLOAD
sc stop NTSVCMGR
sc delete NTLOAD
sc delete NTSVCMGR
exit

Save the document to your desktop as Fix.bat and filetype: All Files
Go to your desktop and run the file Fix.bat and answer yes to any questions.
*******************************************************************'
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
*******************************************************************'
Make your hidden files visible:
  • Click start
  • Click my computer
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
*******************************************************************'
Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
*******************************************************************'
Delete this file: (if found)
C:\WINDOWS\system32\scvxgcte.dll

Delete this folder: (if found)
C:\windows\system32\dllcache\win32

*******************************************************************'
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
*******************************************************************'
  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start -> Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic, along with a new HijackThis log
*******************************************************************'

Post:
- A fresh HijackThis log
- AVG's log
- Logfile of Blacklight
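
An added illustration, not part of the thread and not code from HijackThis or its authors: a Python sketch of the structural checks the replies above apply by hand to the HijackThis log (dangling registry entries, a Winlogon Notify entry with no DLL, and a service that runs a core Windows process name from the wrong folder). The rule names and the table of expected directories are assumptions for a default Windows XP install on C:.

```python
import ntpath
import re
from typing import List, NamedTuple

# Assumption: default XP layout. Core process names and the only folder
# they should be started from.
CORE_PROCESS_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\.+?\.exe)', re.IGNORECASE)

# Sample input: lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {70463F38-D83B-46EB-9D18-1B5A5FCAA2AF} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\scvxgcte.dll",realset
O20 - Winlogon Notify: mllmm - C:\WINDOWS\
O20 - Winlogon Notify: nnnkkig - nnnkkig.dll (file missing)
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # which rule fired
    line: str    # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a closer look, with the reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m["code"], m["body"]

        # Rule 1: the registry entry points at a file that no longer exists.
        if ORPHAN_RE.search(body):
            findings.append(Finding(code, "orphaned", line))
            continue

        target = body.rsplit(" - ", 1)[-1]

        # Rule 2: a Winlogon Notify entry must name a DLL, not a folder.
        if code == "O20" and target.endswith("\\"):
            findings.append(Finding(code, "notify-target-not-a-file", line))

        # Rule 3: a service whose image carries a core process name but
        # lives outside that process's real folder. "Unknown owner" alone
        # is not used: legitimate services in this log show it too.
        elif code == "O23":
            exe = EXE_RE.match(target)
            if exe:
                path = ntpath.normcase(exe["exe"])
                expected = CORE_PROCESS_DIRS.get(ntpath.basename(path))
                if expected and ntpath.dirname(path) != expected:
                    findings.append(Finding(code, "system-name-wrong-dir", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:26} {f.line}")
```

These rules do not flag the `[WindowsService]` Run entry, and an orphaned entry can be a harmless uninstall leftover, so both cases still need an analyst's judgment.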

#10 Xanderos

Posted 14 May 2007 - 04:56 PM

Hijack this -

Logfile of HijackThis v1.99.1
Scan saved at 8:54:33 AM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lunke\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--------------------------------------------------------------------------

AVG Spyware -

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:20:56 AM 5/15/2007

+ Scan result:



C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP544\A0170092.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP544\A0170093.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP544\A0170094.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP544\A0170101.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.188:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.190:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.382:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.691:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.692:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.385:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.440:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.207:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.209:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.210:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.211:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.212:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.213:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.215:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.752:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.753:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.110:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.111:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.275:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.276:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.461:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.462:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.458:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.459:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.480:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.481:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.408:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.409:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.410:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.20:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.21:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.797:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.795:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.796:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.348:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.688:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.807:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.808:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.41:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.351:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.356:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.358:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.359:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.360:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.654:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.655:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.656:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.657:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.658:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.659:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.757:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.195:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.196:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.197:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.198:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.200:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.100:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.83:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.712:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.742:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.743:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.216:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.217:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.218:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.219:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.220:C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

--------------------------------------------------------------------------

fsbl report -

05/15/07 08:45:17 [Info]: BlackLight Engine 1.0.61 initialized
05/15/07 08:45:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/15/07 08:45:17 [Note]: 7019 4
05/15/07 08:45:17 [Note]: 7005 0
05/15/07 08:45:21 [Note]: 7006 0
05/15/07 08:45:21 [Note]: 7022 0
05/15/07 08:45:21 [Note]: 7011 640
05/15/07 08:45:21 [Note]: 7026 0
05/15/07 08:45:21 [Note]: 7026 0
05/15/07 08:45:26 [Note]: FSRAW library version 1.7.1021
05/15/07 08:53:11 [Note]: 2000 1012
05/15/07 08:53:11 [Note]: 2000 1012
05/15/07 08:54:26 [Note]: 7007 0

#11 Markka

Posted 15 May 2007 - 07:29 AM

Hello :)


Kaspersky online scanner works only with IE!

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




Post:
- A fresh HijackThis log
- Kaspersky's report

#12 Xanderos

Posted 19 May 2007 - 09:23 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 20, 2007 1:19:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/05/2007
Kaspersky Anti-Virus database records: 324450
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 165150
Number of viruses found: 14
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 02:58:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\cert8.db Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\history.dat Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\key3.db Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\parent.lock Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Lunke\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Lunke\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\dfsr.db Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\fsr.log Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\tmp.edb Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows Live Contacts\luke.begg@gmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows Live Contacts\luke.begg@gmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Mozilla\Firefox\Profiles\tvjtfo5f.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\History\History.IE5\MSHist012007051920070520\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\hsperfdata_Lunke\2512 Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DFE3CC.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DFE3D7.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DFEDA3.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DFEDAE.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\net.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\Documents and Settings\Lunke\net.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Lunke\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lunke\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP528\A0160512.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP528\A0160513.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP531\A0162679.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP531\A0162680.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP532\A0162820.exe Infected: not-a-virus:AdWare.Win32.Chiem.c skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP535\A0162897.exe/setup.zip/4 Infected: not-a-virus:AdWare.Win32.Chiem.c skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP535\A0162897.exe/setup.zip Infected: not-a-virus:AdWare.Win32.Chiem.c skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP535\A0162897.exe SEA: infected - 2 skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP540\A0169970.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP540\A0169970.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP540\A0169970.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP543\A0170022.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP543\A0170022.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP549\A0171640.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP549\A0171641.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP549\A0172572.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP549\A0172629.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP551\A0172767.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP552\A0172918.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP552\A0172928.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.brk skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP552\A0172928.exe/stream Infected: Trojan-Downloader.Win32.Zlob.brk skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP552\A0172928.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173009.exe Object is locked skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173028.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP553\A0173029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP557\A0174199.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP558\A0174257.dll Object is locked skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP558\A0174260.exe Infected: not-a-virus:FraudTool.Win32.SpyLocked.b skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP558\A0174261.dll Object is locked skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP559\A0174384.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP559\change.log Object is locked skipped
C:\VundoFix Backups\ecogrvae.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\net.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\WINDOWS\net.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\WINDOWS\net.exe NSIS: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1464 Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


-----------------------------------------------

Hijack this:


Logfile of HijackThis v1.99.1
Scan saved at 1:22:58 AM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lunke\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

#13 Markka

Posted 20 May 2007 - 06:02 AM

Hello :)

You don't have a firewall on your computer. Here are free and good firewalls: (Install only one)

Comodo
OutPost
Kerio
Sygate
ZoneAlarm

*******************************************
Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop "Automatic LiveUpdate Scheduler"
sc delete "Automatic LiveUpdate Scheduler"

Save the document to your desktop as Fix.bat and filetype: All Files
Go to your desktop and run the file Fix.bat and answer yes to any questions.
*******************************************

Empty this folder:
C:\VundoFix Backups

Delete this folder:
C:\Program Files\Symantec

Delete these files:
C:\WINDOWS\net.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\Documents and Settings\Lunke\net.exe

*******************************************
Disable system restore:
  • Right click on my computer icon
  • Choose properties
  • Click on system restore tab
  • Select Turn off System Restore
  • Click apply and click OK
  • Reboot!
Enable system restore:
  • Right click on my computer icon
  • Choose properties
  • Click on system restore tab
  • un-check Turn off System Restore
  • Click apply and click OK
  • Reboot!
*******************************************
Re-run the Kaspersky online scanner!
*******************************************


Post:
- A fresh HijackThis log
- Kaspersky's report
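
The cleanup steps in the post above follow from how the Kaspersky report is read. The sketch below is an added example, not part of the original post or of any tool named in the thread: it drops the "Object is locked" noise, collapses archive-member hits (`net.exe/data0002`) to the file actually on disk, and separates System Restore copies (cleared by turning System Restore off and on) from live files that need manual deletion. The names `parse_report` and `triage` are illustrative.

```python
import re
from collections import defaultdict

# Lines excerpted from the Kaspersky Online Scanner report posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Lunke\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\net.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\Documents and Settings\Lunke\net.exe NSIS: infected - 1 skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP540\A0169970.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP540\A0169970.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP540\A0169970.exe NSIS: infected - 2 skipped
C:\VundoFix Backups\ecogrvae.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\WINDOWS\net.exe/data0002 Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\WINDOWS\net.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\WINDOWS\net.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Row layout: <path> <status> skipped. Paths contain spaces, so the path is
# matched lazily and the status is anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<packer>\w+): infected - (?P<count>\d+))"
    r" skipped$"
)

RESTORE_MARKER = "\\system volume information\\_restore{"


def parse_report(text):
    """Split report rows into locked files, detections per on-disk file,
    container-count mismatches and rows that did not parse."""
    locked, unparsed = [], []
    verdicts = defaultdict(set)      # on-disk file -> detection names
    member_lines = defaultdict(int)  # container -> infected member rows seen
    declared = {}                    # container -> count from its summary row
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        path = m.group("path")
        if m.group("locked"):
            locked.append(path)      # file in use by Windows, not a detection
        elif m.group("verdict"):
            # "/" separates the file on disk from a member inside the archive
            on_disk, sep, _member = path.partition("/")
            verdicts[on_disk].add(m.group("verdict"))
            if sep:
                member_lines[on_disk] += 1
        else:
            declared[path] = int(m.group("count"))
            verdicts.setdefault(path, set())
    # In the reports on this page the summary count equals the number of
    # infected member rows; a difference suggests a truncated paste.
    mismatches = {p: (n, member_lines.get(p, 0))
                  for p, n in declared.items() if member_lines.get(p, 0) != n}
    return {"locked": locked, "verdicts": dict(verdicts),
            "mismatches": mismatches, "unparsed": unparsed}


def triage(verdicts):
    """Group detected files by where they live on disk."""
    plan = {"restore_point": [], "live": []}
    for path in sorted(verdicts, key=str.lower):
        bucket = "restore_point" if RESTORE_MARKER in path.lower() else "live"
        plan[bucket].append((path, sorted(verdicts[path])))
    return plan


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for bucket, items in triage(report["verdicts"]).items():
        print(bucket)
        for path, names in items:
            print("  ", path, names)
```

On the excerpt, the "live" bucket comes out as the two `net.exe` files and `NPMyGlSh.dll` named in the delete list plus the `C:\VundoFix Backups` entry, while the `_restore{...}` hit lands in the bucket that the System Restore steps clear.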

#14 Xanderos

Posted 02 June 2007 - 08:14 PM

Sorry for the slow reply...

Sunday, June 03, 2007 12:10:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/06/2007
Kaspersky Anti-Virus database records: 336493
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
I:\
J:\
Scan Statistics
Total number of scanned objects 162493
Number of viruses found 3
Number of infected objects 13
Number of suspicious objects 0
Duration of the scan process 02:27:26

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lunke\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lunke\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\dfsr.db Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\fsr.log Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Messenger\luke.begg@gmail.com\SharingMetadata\Working\database_6A90_7055_9070_29A9\tmp.edb Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows Live Contacts\luke.begg@gmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Application Data\Microsoft\Windows Live Contacts\luke.begg@gmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DF2ED5.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DF335B.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DF7357.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temp\~DF7362.tmp Object is locked skipped
C:\Documents and Settings\Lunke\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lunke\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lunke\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP5\A0000500.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP5\A0000500.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP5\A0000500.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP5\A0000500.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\560 Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{71EC637B-F259-4970-AD65-63D35176FBD0}\RP7\change.log Object is locked skipped
Scan process completed.


-----------------------------------------

Hijack this


Logfile of HijackThis v1.99.1
Scan saved at 12:13:49 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lunke\Desktop\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.1.2.76.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131100669656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131103977500
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zon...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
